Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Introduces First Certified Cloud-Based Solution for Federal Desktop Core Configuration (FDCC) Compliance

New QualysGuard FDCC Module Enables Federal Agencies to Scan and Report Compliance on Agency Wide Scale

Redwood City, Calif. - February 23, 2010 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced its new QualysGuard FDCC module – the first certified cloud-based computing solution for FDCC compliance. The QualysGuard FDCC module, validated by the National Institute of Standards and Technology (NIST) as conforming to the Security Content Automation Protocol (SCAP) and its component standards, provides a centralized, integrated solution leveraging the QualysGuard Software-as-a-Service (SaaS) architecture helping federal agencies validate the configuration of their desktops according to FDCC regulations.

In order to strengthen information security, Federal government agencies are required to standardize and certify their existing Windows XP and Windows Vista desktops according to FDCC specifications as mandated by the US Office of Management and Budget (OMB). Using the QualysGuard FDCC module, an agency can increase breadth of coverage while reducing cost and resource requirements to collect SCAP content and validate these systems to the FDCC requirements.

QualysGuard FDCC module enables federal IT security professionals to:

  • Support SCAP content for Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, Internet Explorer 7
  • Utilize FDCC checklists from Qualys’ library using updated published SCAP content
  • Certify compliance with FDCC requirements with detailed reports that include technical analysis of compliance and executive-level summaries
  • Provide complete coverage of all agency assets allowing for a complete picture of compliance rather than a statistical sample
  • Scales to scan very large, distributed and operationally diverse, networks

“The FDCC initiative was a big move forward for increasing the security posture of government systems, and I expect to see it expanded beyond desktops over the next year,” said John Pescatore, VP and distinguished analyst at Gartner Inc. “To make sure that FDCC leads to both more effective and more efficient security controls, the automation and interoperability facilitated by standards like SCAP are critical components for success.”

“FDCC compliance is a daunting task for government agencies as it requires a thorough analysis of all Windows Vista and Windows XP environments across their entire agency,” said Philippe Courtot, chairman and CEO of Qualys. ““The QualysGuard FDCC module brings the scale and automation to accomplish this task efficiently and cost effectively.”

Pricing and Availability

Available immediately, The QualysGuard FDCC module annual subscription for federal agencies starts at $1,995 with additional licensing per IP. For more information or to purchase the solution, please visit:

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk andcompliance management solutions – delivered as a service. Qualys’Software-as-a-Service solutions are deployed in a matter of hours anywhere inthe world, providing customers an immediate and continuous view of theirsecurity and compliance postures.

The QualysGuard® service is used today by more than 4,000 organizations in 85countries, including 42 of the Fortune Global 100 and performs more than 250million IP audits per year. Qualys has the largest vulnerability managementdeployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed serviceproviders and consulting organizations including BT, Etisalat, Fujitsu, IBM,I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For media inquiries or to find the appropriate spokesperson
Contact: Melinda Marks
Qualys, Inc.
(650) 801-6242

Contact: Clarissa Horowitz
sparkpr for Qualys
(415) 321-1890

For all other matters

Media Contact:
Tami Casey