Cloud Platform
Contact us
Asset Management
Vulnerability & Configuration Management
Risk Remediation
Threat Detection & Response
  • Overview
  • Platform Apps

  • Qualys Endpoint Security

    Advanced endpoint threat protection, improved threat context, and alert prioritization

  • Context XDR

    Extend detection and response beyond the endpoint to the enterprise

Compliance
Cloud Security

PCI Compliance.

One Platform. One Agent. Complete Compliance for PCI DSS 4.0.

The most complete, accurate, and efficient solution to achieve PCI compliance

In today’s world, data is power. As an information security leader, I can’t drive accountability without data, and specifically data with a high level of integrity. The Enterprise TruRisk Platform along with its sensors, in particular cloud agents and cloud connectors, give me the single view to manage end-to-end PCI compliance and data security in my organization.

Matthias Hoelzli Matthias Hoelzli Sr. Manager of Threat & Vulnerability Management, NortonLifeLock

Full coverage for PCI DSS 40

Coverage for more than 97 percent of the PCI DSS 4.0 requirements across asset management, external and internal vulnerability management, payment web app security, secure configuration management, file integrity monitoring, asset discovery, remediation, and PCI ASV questionnaires.

Offering a comprehensive and integrated cloud platform with a single agent, the Qualys Compliance Solution Set provides a holistic view of all assets, including middleware and databases missed by most solutions, to ensure full PCI DSS 4.0 compliance and avoid fines, brand damage, and lawsuits. Qualys Compliance ensures automated discovery and classification for in-scope assets, along with PCI-specific out-of-the-box compliance policies, file integrity monitoring profiles, self-assessment templates, and vulnerability scan profiles, enabling you to assess your card holder data environment within 15 minutes after provisioning.

Unified Dashboard - Enterprise TruRisk Platform | Qualys

PCI compliance solution highlights

Full coverage of PCI requirements

Qualys covers more than 97% of PCI requirements across asset management, external & internal vulnerability management, payment web app security, secure configuration management, and PCI ASV questionnaires. With Qualys unified dashboard, organizations can visualize in their environment the top 20 control gaps as reported by the Verizon Payment Security Report (PSR), so that they can address them for better security and greater PCI compliance.

A single unified compliance solution

Using separate tools for individual PCI requirements adds operational overhead in the form of data fragmentation and infrastructure complexity. As a single solution, Qualys collects telemetry required for all PCI requirements into a highly scalable cloud platform, helping security practitioners identify and remediate issues efficiently, manage their PCI posture through dashboards, and generate audit-friendly reports. With its single cloud agent and PCI-approved scanning, Qualys eliminates the need to deploy multiple sensors and correlate disparate data.

Time-saving compliance automation and templates

Building a successful PCI compliance program typically requires significant manual work. Qualys’ automated discovery and classification of in-scope assets along with PCI-specific out-of-the-box compliance policies, file integrity monitoring profiles, self-assessment templates and vulnerability scan profiles enable customers to start assessing their card holder data environment within 15 minutes of provisioning. PCI-centric reporting templates make it easy to produce reports just the way your auditors need.

Achieve PCI DSS 4.0 compliance with a single platform and agent

Included is a PCI Compliance Unified View dashboard highlights compliance gaps and provides pre-built templates, profiles, and policies that can help you achieve full compliance. Automated workflows allow you to always know about every active asset across your global hybrid-IT environment. You can gain visibility across the top 20 control gaps with a single pane of glass, and leverage PCI-centric reporting templates, automated documentation, and robust reporting.

Vulnerability Management Detection and Response (VMDR) | Qualys

Perform continuous vulnerability management

Qualys Vulnerability Management, Detection, and Response (VMDR) is not included with TotalCompliance and is recommended as a pre-requisite foundational solution to manage CDE cyber risks (Req. 2, 5, 6, 11). It addresses the third goal for a CDE vulnerability management program, and Requirement 11’s need for regularly testing security of CDE systems and networks. VMDR excels at detecting internal and external risks, and efficiently responding to vulnerabilities. It even performs authenticated scans, such as for certificate inventory, which other scanners are unable to do.

  • Performs continuous vulnerability management using cloud agents or network scanners

  • Prioritizes vulnerabilities based on real-time threat indicators and your attack surface

  • Gives your security teams and auditors assurance that your network is completely secured.

Vulnerability Management Detection and Response (VMDR) | Qualys
CyberSecurity Asset Management | Qualys

Ensure you're always audit ready for PCI DSS 4.0

Qualys Policy Compliance (PC), included with TotalCompliance, is a cloud service app in the Qualys Cloud Platform that enables continuous assessment of the cardholder data environment. Qualys PC provides a ready-to-use mandate-based template for PCI DSS 4.0 consisting of security checks that automate the assessment of in-scope PCI assets. These checks automatically scan technical secure configuration assessment requirements of the standard.

  • Assesses, monitors, prioritizes, and reports security-related misconfigurations based on a comprehensive policy library of CIS, DISA, PCI-DSS standards​

  • Provides out-of-the-box PCI compliance policies to assess your environment​ and automated remediation of compliance issues.

  • Enables customized policies based on organization-specific baselines, prioritizes based on evidence of exploitation in the wild and the likelihood of exploitation to quickly see which vulnerabilities, assets, and groups of assets are most at risk.

CyberSecurity Asset Management | Qualys

Qualys Patch Management (PM)

IT Security

Qualys Patch Management (PM) is included with TotalCompliance and enables automating the entire patching process for operating systems, mobile devices and third-party applications – even for remote devices within the cardholder data environment (Req. 1, 6, 10, 11).

Read more

Qualys CyberSecurity Asset Management (CSAM)

Asset Management

Qualys CyberSecurity Asset Management (CSAM) is included with TotalCompliance, along with External Attack Surface Management (EASM). CSAM provides an accurate, context-rich inventory of all CDE cyber assets to identify security gaps (Req. 2) and CSAM provides full visibility and control of the CDE’s external attack surface (Req. 2, 12).

Read more

Qualys PCI Approve Scanning Vendor (ASV)

Compliance Monitoring

Qualys PCI Approve Scanning Vendor (ASV) is included with TotalCompliance. PCI DSS requirement 11.2.2 requires quarterly external vulnerability scans that must be performed by an ASV. As an Approved Scanning Vendor (ASV), Qualys has been authorized by the PCI Security Standards Council to conduct the quarterly scans required to show compliance with PCI DSS. Qualys helps you achieve compliance via a streamlined process that also gives you assurance your network is secure.

Read more

Qualys File Integrity Monitoring (FIM)

Compliance Monitoring

Qualys File Integrity Monitoring (FIM) included with TotalCompliance, provides “low-noise” CDE integrity monitoring efforts and compliance (Req. 1, 10, 11, 12), including unauthorized modification and change detection that accurately separates false alerts from positive hits and allows for whitelisting.

Read more

Qualys Web Application Scanning (WAS)

Web Application Security

Qualys Web Application Scanning (WAS) included with TotalCompliance, continuously detects vulnerabilities and misconfigurations of CDE internal and external-facing web applications (Req. 6, 11). This app finds malware in web apps and informs DevOps teams on exposed payment data and other PII.

Read more

Qualys Security Assessment Questionnaire (SAQ)

Web Application Security

Qualys Security Assessment Questionnaire (SAQ) is included with TotalCompliance. More than half of all PCI requirements (143 of them) involve merchant reporting of compliance status via PCI Self-Assessment Questionnaires. Qualys SAQ enables you to demonstrate the security measures needed to keep cardholder data secure at your business.

Read more

Powered by Enterprise TruRisk Platform

Single-pane-of-glass UI

See the results in one place, in seconds. With AssetView, security and compliance pros and managers get a complete and continuously updated view of all IT assets — from a single dashboard interface. Its fully customizable and lets you see the big picture, drill down into details, and generate reports for teammates and auditors. Its intuitive and easy-to-build dynamic dashboards to aggregate and correlate all of your IT security and compliance data in one place from all the various Qualys Cloud Apps. With its powerful elastic search clusters, you can now search for any asset – on-premises, endpoints and all clouds – with 2-second visibility.

Centralized & customized

Centralize discovery of host assets for multiple types of assessments. Organize host asset groups to match the structure of your business. Keep security data private with our end-to-end encryption and strong access controls. You can centrally manage users’ access to their Qualys accounts through your enterprise’s single sign-on (SSO). Qualys supports SAML 2.0-based identity service providers.

Easy deployment

Deploy from a public or private cloud — fully managed by Qualys. With Qualys, there are no servers to provision, software to install, or databases to maintain. You always have the latest Qualys features available through your browser, without setting up special client software or VPN connections.

Scalable and extensible

Scale up globally, on demand. Integrate with other systems via extensible XML-based APIs. You can use Qualys with a broad range of security and compliance systems, such as GRC, ticketing systems, SIEM, ERM, and IDS.

See for yourself. Try the Qualys PCI solution for free.

Start your free trial today. No software to download or install. Email us or call us at 1 (800) 745-4355.