Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Cloud Security

Qualys Introduces GovCloud a FedRAMP® Ready (High Impact Level) Cybersecurity Platform

Qualys GovCloud is currently the only FedRAMP Ready status at the High impact level vulnerability and patch management platform that meets Executive Orders and NIST compliance comprehensively

FOSTER CITY, Calif. – Jan. 31, 2023 – Qualys, Inc. (NASDAQ: QLYS), a pioneer and leading provider of disruptive cloud-based IT, security and compliance solutions, announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP).

Qualys GovCloud, including its integrated capabilities, is ‘ready’ to meet the stringent cybersecurity assurance requirements of FedRAMP at the High impact level. High certification is the most stringent with 421 security and risk management controls.

Qualys GovCloud is a comprehensive offering including - asset inventory with external attack surface visibility, vulnerability risk and remediation management and compliance management - that federal agencies can use as the foundation for their cybersecurity programs. Its integrated platform includes all the critical security and compliance solutions needed to address Executive Orders and aligns with NIST 800-53 v5 standards eliminating the need to stitch together siloed solutions.

“As a trusted provider to the Federal Government, Blackwood Associates is thrilled to partner with Qualys and offer its innovative GovCloud platform to our federal clients,” said Christopher Ebley, CTO, Blackwood Associates. “GovCloud represents a major step forward in how federal agencies approach security. Given the rapid evolution of requirements around contextual risk and vulnerability management, Qualys’ dedication to bringing its technology to highly sensitive environments is a force multiplier for our customers. The GovCloud platform enables the move away from siloed solutions and towards a comprehensive, integrated solution that streamlines efforts, saves costs, enhances security, and provides compliance context and risk prioritization.”

Qualys GovCloud

Qualys GovCloud’s unified dashboard for managing the security and compliance posture per CISA Directives and DISA standards

The highly scalable GovCloud platform supports federal and commercial organizations cost-effectively, delivering integrated capabilities, 24x7 support and training while maintaining the highest level of protection. Qualys GovCloud includes:

Cybersecurity Asset Management with External Attack Surface Management – to identify, discover inventory and classify all known and unknown assets with security context. The solution also syncs with your CMDB, helping address CISA BOD 23-01 and comprehensively report against the NIST 800-53 v5 requirement of CM-8.

Vulnerability Management Detection and Response (VMDR) - assess, prioritize, and remediate vulnerabilities based on TruRisk to meet Executive order 14028, OMB M-21-31 as well as monitor posture against NIST requirement of RA-5.

Configuration and Policy Compliance - GovCloud’s Regulatory Compliance Management with Policy Compliance capability allows government agencies to assess configuration posture against DISA while auditing and reporting their compliance with a wide range of standards, including NIST 800-53/FedRAMP, NIST 800-171, NIST CSF, CMMC, CERT Resiliency, etc.

File Integrity Monitoring – detects and alerts on unauthorized changes to software firmware and information to align with the NIST SI-7 requirement.

Container Security - continuously discover, track, and secure containers from build to runtime, aligning with the key federal DevOps initiative while addressing the additional FedRAMP requirement of NIST RA-5 regarding assessing containers for vulnerability risk.

“We are delighted that our newest offering for the federal market, GovCloud has received FedRAMP High Ready status, the highest level of security standard offered by the federal program,” said Sumedh Thakar, president and CEO of Qualys. “As the only vulnerability management platform currently with FedRAMP Ready status at the High impact level, we are dedicated to providing federal agencies with a modern alternative to legacy scanners to improve their security posture as they embrace digital transformation.”

About FedRAMP
FedRAMP is a government program that promotes the adoption of secure cloud services across federal agencies. It offers a rigorous, standardized approach to security authorizations for cloud service offerings. High certification is the most stringent awarded to cloud vendors with 421 controls for security and risk management to prevent data loss and unauthorized access to information that could result in severe or catastrophic adverse effects on an agency, its assets, finances, operations, or individuals.

The FedRAMP Ready (High impact level) Qualys GovCloud will be available in late February for federal agencies to sponsor for a FedRAMP authorization. To request a free trial, visit

Additional Resources
• Read the GovCloud Blog
• Learn more about Qualys GovCloud
• Details on the Qualys Cloud Platform
• Follow Qualys on LinkedIn and Twitter

About Qualys
Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings.

The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit

Qualys, Qualys VMDR® and the Qualys logo are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey