Qualys Policy Compliance

Enterprise Security Solutions

QualysGuard Policy Compliance automates the collection of technical controls from information assets within the enterprise; and provides compliance reporting by leveraging a comprehensive knowledge base that is mapped to prevalent security regulations, industry standards and compliance frameworks.

Benefits of QualysGuard Policy Compliance :

Integrated agent-less solution enables scalable management of vulnerability and configuration scanning from a single interface with least impact to IT resources.
Dissolvable agent solution enables deeper configuration analysis without the maintenance of permanent agents.
Rapid global deployment with the QualysGuard Software-as-a-Service (SaaS) delivery model requiring no software installation or maintenance.
Centralized approach for policy definition and control management consolidates many IT compliance and security processes into a single solution.
Customizable auditing capabilities for multiple regulatory mandates and policies.
Comprehensive instructions and audit trails to review and prove compliance with auditors through a workflow to request, review and approve exceptions.

QualysGuard Policy Compliance Features:

Automated compliance scanning using the same QualysGuard infrastructure used for vulnerability scanning.
Continuously maintained knowledgebase is based on CIS and NIST standards and maps to many frameworks & regulations including CIS, COBIT 4.0 and 4.1, ISO 17799 and 27001, NIST SP800-53, ITIL v2, HIPAA, FFIEC, NERC-CIP.
Improved Policy Editor to construct policies from controls and map them to internal standards and external regulations.
Compliance report templates to show compliance by policy, by control, and by host.
Exception management workflow for creating, evaluating, and approving risk acceptance of policy violations.
Collaboration capabilities to review policies and approve exceptions with internal and external auditors.