Tenable recently added the ability to query various patch deployment management systems to get the patching status of the system being scanned.
This is a handy feature when you can not use scans in order to query the scanned system directly because of credential or port restrictions.
The set up is explained very well at http://blog.tenablesecurity.com/2011/12/wsus-patch-management-and-nessus.html.
When testing in my environment, the WSUS scan was not working. Looking at the event logs on the WSUS server, showed several account logon failures. A little searching lead me to make the changes detailed in http://technet.microsoft.com/en-us/library/cc720470(WS.10).aspx and voilà…patch management status and other vulnerability details all in one handy report.