Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

QualysGuard Policy Compliance 3.0 Provides Comprehensive View of Security Compliance Without Requiring Installation of Agents

New Release Includes Broader Support of Operating System, Database and Network Technologies, Plus Password Auditing and File Integrity Checks

San Francisco, Calif. - February 14, 2011 - Qualys®, Inc., the leading provider of on demand IT security risk and compliance management solutions, today at RSA Conference USA 2011, announced the release of QualysGuard Policy Compliance 3.0, providing more comprehensive policy compliance scanning capabilities without the need to install agents. The latest version expands support for new operating systems and adds support for scanning databases and network devices – providing customers with a full, in-depth view of IT policy compliance across all assets.

“We have been using QualysGuard Policy Compliance to reduce the cost and complexity of our compliance auditing and reporting,” said Dan Klinger, senior manager of global information security for The Hershey Company. “QualysGuard Policy Compliance 3.0 expands its ability to scan IT assets beyond just servers and operating systems with the ability to scan databases and network devices. This will give us a more complete view of our compliance status and helps us to better prepare for audits and share proof of compliance with auditors from QualysGuard during the audit cycle.”

Independent research firm, Forrester Research, Inc. stated in the Wave* evaluation for Vulnerability Management report that “Qualys is one of the few vendors in this evaluation that has a full-featured configuration compliance module that provides concrete mappings from a wide list of regulations to actual IT controls.”

New features in QualysGuard Policy Compliance 3.0 include:

  • Expanded configuration support. New supported technologies include Active Directory 2000, 2003 and 2008, AIX 6.x. CentOS 4.x and 5.x, Oracle Enterprise Linux 4 and 5, HPUX 11i.v3, Windows 7, and Cisco IOS 12.x and 15.x. Total number of configuration checks as of February 11, 2011 is 6,922 across 34 technologies.

  • File integrity checks. Users can verify the integrity of files through agent-less, authenticated scans. New advanced scanning allows Windows and Unix file hashes to be calculated and compared scan to scan to verify the integrity of critical files.

  • Support for benchmarks and security checklists. The importable policy library currently supports the following Center for Internet Security (CIS) benchmarks: Windows XP Professional v2.0.1, Windows 2000 Level 1 v1.2.2, Windows 2000 Server Level 2 v2.2.1, and Windows 2003 Member Server v2.0.0; Federal Desktop Core Configuration (FDCC) security checklists: Windows XP v1.2, Windows XP Firewall v1.2, Windows Vista v1.2, Windows Vista Firewall v1.2, and Internet Explorer 7 v1.2; and United States Government Configuration Baseline (USGCB) security checklists: Windows 7 v1.0, Windows 7 Firewall v1.0, and Internet Explorer 8 v1.0.

  • Use of dissolvable agents. The QualysGuard scanning engine can use a dissolvable agent – an application used by the scanning engine to access certain data on target hosts that cannot be accessed remotely – for remote authenticated scanning. The agent is created on demand as needed and removes itself completely when it’s done collecting data, enabling secure, trusted, authenticated scans remotely. Read more about dissolvable agents in our Qualys Community post.

  • Password auditing checks. New advanced scanning capabilities using the dissolvable agent check the actual password of users, not just the rules governing the passwords. QualysGuard Policy Compliance 3.0 can validate password rules including empty password, password matches user name, and password matches an entry in the custom password dictionary.

  • User-defined controls. In addition to published content, QualysGuard Policy Compliance 3.0 supports user-defined content for Windows and Unix. This capability allows customers to expand content for additional or custom configuration settings stored in the registry or files.

  • New trend reports. Executive and technical reports include up to 90 days worth of trending data, including number of hosts scanned, number of controls in the policy, and compliance pass/fail results.

  • Integrations with leading GRC solutions. QualysGuard Policy Compliance 3.0 is now integrated with leading GRC solutions including RSA Archer and Rsam. These integrations help customers leverage their GRC investments by automating the collection of technical controls through agentless scanning.

  • Integrations with credential management systems. To continue to improve privileged scanning, QualysGuard Policy Compliance 3.0 supports integrations with Cyber-Ark for storing privileged credentials in a password vault and PowerBroker for providing better control and logging of escalated privileges.

“The new policy compliance features in 3.0, including the ability to scan databases and the use of dissolvable agents for secure authenticated scanning, create a powerful solution providing customers with a more complete view of their security and compliance postures at a price point lower than the annual maintenance cost of traditional enterprise solutions,” said Philippe Courtot, chairman and CEO for Qualys.

About QualysGuard Policy Compliance

Gathering security and configuration data across all assets for various compliance initiatives is a tedious, complex and costly task – especially in larger, distributed organizations. Companies use QualysGuard Policy Compliance for automated collection of configuration and security data across IT assets, and compliance reporting leveraging its comprehensive knowledgebase of regulations, industry standards and compliance frameworks. Because it is delivered using an on demand Software-as-a-Service (SaaS) model, the cost is low and there is no hardware or software to set up or to maintain. Updates occur automatically in real time, and users can log in through the QualysGuard web site to perform scans, set up user access, or create reports.

Pricing and Availability

QualysGuard Policy Compliance 3.0 is now available. Pricing are annual subscriptions based on the number of systems and it includes all updates and 24x7 support. For detailed information on this latest release, visit

*The Forrester Wave™: Vulnerability Management, Q2 2010, July 15, 2010

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions – delivered as a service. Qualys’ Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard® service is used today by more than 5,000 organizations in 85 countries, including 47 of the Fortune Global 100, and performs more than 500 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company, and has been recognized by leading industry analysts for its market leadership.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS. Qualys is also a founding member of the Cloud Security Alliance (CSA).

For more information, please visit


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

For all other matters

Media Contact:
Tami Casey