Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Helps Federal Agencies Address Requirements of White House Executive Order (EO) on Cybersecurity

Integrated out-of-the-box support for DISA-STIG controls and NIST Cybersecurity Framework, reduces the time and cost for agencies to meet EO requirements

NATIONAL HARBOR, Md., – Gartner Security and Risk Management Summit, Booth #609 – June 12, 2017 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of cloud-based security and compliance solutions, today announced that its FedRAMP-certified Qualys Cloud Platform now supports the requirements laid out in the 2017 White House Executive Order (EO) on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The 2017 White House EO charges each individual agency with reviewing and reporting on its cyber posture using the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), while continuing to manage its own cyber risk using the Defense Information Systems Agency Security Technical Implementation Guides (DISA-STIG) to harden systems. However, measuring compliance against multiple regulations can be a significant challenge when collecting technical control data from complex IT environments.

Qualys Policy Compliance (PC) now helps customers overcome that challenge by harmonizing the process of technical control assessment and reporting. PC has been updated with DISA-STIG content along with comprehensive mapping of controls to the NIST Cybersecurity Framework. This gives customers automated control assessment capabilities across complex heterogeneous environments leveraging DISA-STIG and other best practice standards, while integrating native reporting against NIST CSF.

“IT security and compliance plays a crucial role in the continued adoption of cloud by U.S. Government agencies,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “The Qualys Cloud Platform provides federal agencies a unified solution that can deploy and scale, providing the 2-second visibility of continuous security and compliance posture of IT assets at an agency-wide level, helping ensure that IT vulnerabilities do not compromise the security of critical U.S. Government infrastructure.”

The Qualys Cloud Platform combines assessment and reporting of technical and procedural EO requirements in a harmonized solution that helps with:

  • Combined Visibility of Mandate Compliance - PC empowers customers to comply with multiple mandates and standards in a harmonized manner — by consolidating the requirements from the multiple standards into a single view — and allows reporting on one mandate or on multiple mandates in a single report. This is done through the automated harmonization of compliance requirements from multiple standards, in a continuous manner.

  • Technical and Procedural Risk Assessment - Qualys Security Assessment Questionnaire (SAQ) module allows customers to also assess the procedural controls of the standards and also empowers customers in assessing their vendors and third parties for their controls posture. An out-of-the-box NIST Cybersecurity Framework template can be sent across internal departments and to vendors to assess their responses and report on overall compliance.

  • Automated Mandate-based Reporting - Qualys PC and SAQ support out-of-the-box, automated reporting on NIST CSF on the basis of the DISA STIG guidelines. The mandate-based reporting feature of PC showcases the compliance posture against the standards or mandates in terms of the underlying security baseline by mapping DISA and other controls to the required compliance standards in a continuous manner.

The Qualys Cloud Platform
The Qualys Cloud Platform is FedRAMP Certified with Authority to Operate. All Qualys applications reside on the highly scalable and always available Qualys platform, meaning there is no need to infuse third-party operational security data from other products or tools to perform end-to-end compliance assessments and report against NIST CSF, based on the underlying DISA guidelines.

Qualys will continue to support automated, out-of-the-box, compliance assessment against NIST CSF revisions as they evolve and cater to the 2017 EO requirements, DISA-STIG standards and the forthcoming NISTIR 8170 Cybersecurity Framework Implementation Guidance for Federal Agencies.

Additional Resources:

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions with over 9,300 customers in more than 100 countries, including a majority of each of the Forbes Global 100 and Fortune 100. The Qualys Cloud Platform and integrated suite of solutions help organizations simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications. Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL Technologies, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.


Media Contact:
Tami Casey