QualysGuard Policy Compliance and Federal Desktop Core Configuration Enables Federal Agencies to Meet FISMA Compliance in a Unified Security and Compliance Solution
Redwood City, Calif. - July 24, 2012 – Qualys®, Inc., a pioneer and leading provider of cloud security and compliance solutions, today announced that its new release of QualysGuard® Policy Compliance (PC) and Federal Desktop Core Configuration (FDCC) solution simplifies the process of meeting compliance regulation requirements for businesses and governmental agencies. This new release offers new CyberScope reporting capabilities for governmental agencies that have to comply with the Federal Information Security Management Act of 2002 (FISMA). It also provides new certified policies that meet international industry standards defined by the Center for Internet Security (CIS) and workflows to automatically create “Golden Images” by extracting the required information from systems that have already been configured with compliant configurations.
Qualys will showcase these new capabilities this week at Black Hat USA 2012 Briefings – booth #401 on July 25-26.
“A solution automating key processes such as CyberScope reporting can help organisations streamline compliance workflows and meet FISMA requirements,” said Lawrence Pingree, research director for Gartner. “With these types of tools, it is easier for organisations to more quickly adopt best practices, shortening the audit cycle and reducing overall costs.”
The new features in this release include:
Utilisation of CyberScope Reports for Government Agencies. Under FISMA, government agencies are obliged to report their information security statuses using a common tool called CyberScope. The new release of the QualysGuard FDCC cloud solution enables users to perform compliance scans and generate CyberScope reports, which are required on a monthly basis, to meet FISMA requirements. CyberScope is a web-based application mandated by the Department of Homeland Security (DHS) to provide secure and efficient FISMA reporting for federal agencies.
Certified CIS Benchmark Policies. The importable policy library provides two new certified CIS benchmarks for:
Automatic Creation of Compliance Policies Using Golden Images. An easy workflow helps users create policies by selecting compliant systems to act as “Golden Images” for new policies. During policy creation, the compliance scan results of the “Golden Images” are used to set the expected values for internal policies, allowing customers to quickly identify systems out of compliance with the “Golden Image” policy.
“With this new release of QualysGuard Policy Compliance, our customers can easily produce FDCC and CyberScope reports to meet FISMA requirements and achieve compliance with internal policies in a unified security and compliance platform,” said Philippe Courtot, Chairman and CEO of Qualys.
Pricing and Availability
These new features of QualysGuard Policy Compliance are now available. Pricing is based on annual subscriptions and number of systems. It includes all updates and 24x7 support. For detailed information please visit https://www.qualys.com/enterprises/qualysguard/policy-compliance/.
About QualysGuard PC and FDCC
QualysGuard Policy Compliance, or QualysGuard PC, allows organisations to analyse and collect configuration and access control information from their networked devices and web applications and automatically maps this information to internal policies and external regulations in order to document compliance. QualysGuard PC is automated and helps reduce customers’ cost of compliance without requiring the use of software agents.
The QualysGuard FDCC service is a certified cloud solution for FDCC compliance. It allows federal agencies to scan and report compliance with the FDCC and United States Government Configuration Baseline (USGCB) requirements through a centralised, integrated solution leveraging the QualysGuard Cloud Platform.
About QualysGuard Cloud Platform
The QualysGuard Cloud Platform and its integrated suite of security and compliance solutions provide organisations of all sizes with a global view of their security and compliance posture, while drastically reducing their total cost of ownership. The QualysGuard Cloud Suite, which includes Vulnerability Management, Web Application Scanning, Malware Detection Service, Policy Compliance, PCI Compliance and Qualys SECURE Seal, enable customers to identify their IT assets, collect and analyse large amounts of IT security data, discover and prioritise vulnerabilities and malware, recommend remediation actions and verify the implementation of such actions.
Qualys, Inc. is a pioneer and leading provider of cloud security and compliance solutions with over 5,700 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The QualysGuard Cloud Platform and integrated suite of solutions helps organisations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organisations including BT, Dell SecureWorks, Fujitsu, IBM, NTT, Symantec, Verizon, and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA).
For more information, please visit www.qualys.com.
Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.