FedRAMP-Authorized Qualys Cloud & Government Platform
Accelerate ATO. Inherit Controls. Reduce Risk at Scale. One Authorized Boundary.
Qualys’ FedRAMP-authorized boundaries include tightly integrated capabilities that help federal agencies and partners accelerate compliance, reduce cyber risk, and streamline security operations. By operating within the Qualys platform, organizations inherit pre-validated NIST 800-53 controls, cutting months from Authorization to Operate (ATO) timelines while consolidating vulnerability management, compliance monitoring, asset discovery, and security operations into a single risk management platform.
Proven FedRAMP Track Record
FedRAMP High is designed for systems handling high-impact, sensitive unclassified data, where confidentiality, integrity, and availability failures would have severe consequences.
- FedRAMP Moderate Authorized since 2016 – the Qualys Cloud Platform has supported agencies and regulated enterprises for nearly a decade.
- FedRAMP High Authorized in 2025 – the Qualys Government Platform meets the most rigorous federal requirements, validated through independent third-party assessment and continuous monitoring of 400+ NIST 800-53 High controls
What You Inherit by Using Qualys
- Control inheritance at scale – hundreds of validated security controls reduce POA&Ms and audit scope.
- Unified risk management – vulnerabilities, misconfigurations, assets, and compliance signals prioritized together, not in silos.
- Operational efficiency – fewer tools, fewer handoffs, lower audit and operational overhead.
FedRAMP Authorization by Qualys Products
The authorization status of each core Qualys capability across FedRAMP Moderate and FedRAMP High is shown below.
| Qualys Product / Capability | FedRAMP Moderate Authorized | FedRAMP High Authorized |
|---|---|---|
| Certificate View |  | |
| CSAM - CyberSecurity Asset Management | | |
| EASM - External Attack Surface Management | |  |
| EDR - Endpoint Detection & Response | | |
| ETM - Enterprise TruRisk Management | | |
| FIM - File Integrity Monitoring | | |
| GAV - Global Asset View | | |
| PC - Policy Compliance | | |
| PCI - PCI Compliance | | |
| PM - Patch Management | | |
| Qflow - Qualys Flow Application | | |
| TotalAI | | |
| TotalAppSec (WAS & API Security) | | |
| TotalCloud | | |
| TP - Threat Protection | | |
| VMDR - Vulnerability Management, Detection & Response | | |
| TruRisk Eliminate | | |
Which Qualys Platform Are You On?
If you’re unsure whether your current Qualys subscription resides in an authorized environment, reference the table below.
| Platform | FedRAMP Authorization | Platform URL |
|---|---|---|
| US1 | FedRAMP Moderate | https://qualysguard.qualys.com/ |
| US2 | FedRAMP Moderate | https://qualysguard.qg2.apps.qualys.com/ |
| US3 | FedRAMP Moderate | https://qualysguard.qg3.apps.qualys.com/ |
| FedHigh (GovCloud) | FedRAMP High | https://qualysguard.gov1.qualys.us/ |
Want to confirm eligibility, plan a migration, or understand inheritance details?
Contact your Qualys account team to map your use cases to the right authorized boundary.