Qualys Gov Platform obtained FedRAMP Authorization to Operate (ATO) in 2016, an approval that requires a lengthy and rigorous process. Since FedRAMP standardizes how FISMA applies to cloud service providers, Qualys’ authorization streamlines federal government customers’ assessment and approval process for adopting our platform. Qualys Gov Platform is also on the Approved Products List of the General Services Administration’s (GSA) Continuous Diagnostics & Mitigation (CDM) program, which requires a Department of Homeland Security (DHS) qualification process.

Qualys helps ensure that federal customers moving workloads to the cloud, including their VMs, cloud instances and containers, are secure and compliant across cloud platforms. Qualys has agreements and seamless integrations with most major cloud providers, so you can conduct required asset discovery, asset management, vulnerability management, web application scanning, threat prioritization, policy compliance and more.

Qualys’ 11,000+ customers include 70% of the Forbes Global 50 and almost half of the Global 500, while its robust partner ecosystem features leading managed security service providers and security consulting firms including EY, IBM, DXC Technology, NTT, Verizon, SecureWorks, Deloitte and others.

Our platform’s revolutionary architecture, which includes a software-as-a-service (SaaS) delivery and licensing model, offers unparalleled ease of deployment and slashes the costs and complexity associated with acquiring, installing and maintaining on-premises security software. Qualys can be quickly deployed, with nothing to install or manage: All services are accessible via an intuitive web interface.

Qualys Gov Platform’s state-of-the-art, massively scalable backend has robust, centralized capabilities for reporting, storage, data analysis, search indexing and asset tagging, among other functionality. The platform scales to the largest environments, allowing customers to seamlessly add coverage, users and services as needed. The platform performs 3+ billion IP scans, and detects 1+ trillion security events per year, with Six Sigma accuracy (99.9996%) for vulnerability scans, so customers don’t waste time and resources chasing false positives. Vulnerability data is securely stored and processed in an n-tiered architecture of load-balanced servers, with encrypted databases that are physically and logically secure.

Qualys cloud apps offer multiple out-of-the-box templates, capabilities and pre-built content designed to streamline compliance with federally mandated regulations and policies. For example, the Qualys Policy Compliance (PC) app helps organizations comply with multiple mandates and standards in a harmonized manner – by consolidating the requirements from the multiple standards into a single view – and allows reporting on one or multiple mandates in a single report. Meanwhile, the Qualys Security Assessment Questionnaire (SAQ) app has a NIST Cybersecurity Framework template. Both PC and SAQ support out-of-the-box, automated reporting on NIST Cybersecurity Framework, NIST 800-53 controls and on the DISA STIG guidelines.

By consolidating your security stack on Qualys Gov Platform with our centrally managed and integrated Qualys Apps, you eliminate the plethora of siloed, heterogeneous point products that are difficult and expensive to integrate and manage. Qualys’ growing suite offers 18 Apps for, among other things, vulnerability management, asset inventory, threat prioritization, web app security, policy compliance and file integrity monitoring. Equip your security teams, including those in charge of on-premises infrastructure, cloud workloads, endpoint devices, mobile devices, ICS/SCADA systems, DevSecOps environments, web apps, and IT audit and compliance, with our centralized platform, whose apps are accessible from a unified dashboard and share data and resources from a common backend.

Qualys Gov Platform’s sensors give organizations continuous, real-time visibility of all their IT assets – on premises, at endpoints and in clouds – for comprehensive prevention and response. Centrally managed and self-updating, the Qualys sensors come as physical or virtual appliances, or lightweight agents. A centralized, web-based, single-pane-of-glass UI gives you a complete and continuously updated view of your IT environment and its security and compliance posture.