Agenda
Policy Compliance
Define, Audit and Document IT Security Compliance
1. Create Users
4. Scan Hosts
7. Request Exceptions
10 Qualys, Inc. Corporate Presentation
Add Hosts to Policy Compliance
Search the online help for “User Roles Comparison” for a complete list.
[Diagram: scanner appliances deployed in LAN 1, LAN 2 and the DMZ, with remote users and IaaS providers (EC2/VPC, Azure, Google) also in scope.]
Compliance Scanning: a compliance scan combines three inputs: a Compliance Profile, the Assets to scan (selected by Tags or IP addresses), and Authentication (required, because compliance controls are evaluated by logging in to the target host).
1. Select a technology for your policy:
• Operating System
• Web Server
• Database
2. Add controls to the policy.
For exceptionally large Policies (e.g. those created from a Golden Image), you can Export (download) the policy, edit it in bulk, and then Import (upload) the edited Policy.
Cardinality of Controls
• For list-valued data points, the cardinality operator defines how the list of values collected during a scan is compared to the control's expected list of values.
• contains: X (collected) contains all of Y (expected).
• intersects: X and Y share at least one value.
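The two cardinality relations named above (contains, i.e. X contains all of Y, and intersects), worked through in Python as an added example. This is illustration code written for this page, not Qualys' own control-evaluation engine; the two extra operators (matches, is_contained_in), the control identifiers and the sample data points are constructed assumptions, not taken from the slides.

```python
"""Evaluate list-valued ("cardinality") controls against collected data points.

Added example for this page; not Qualys' evaluation engine. The 'contains' and
'intersects' semantics follow the slide; 'matches' and 'is_contained_in' are
assumed set relations added for completeness.
"""
from typing import Iterable


def normalize(values: Iterable[str]) -> set[str]:
    """Lower-case, strip whitespace, and drop empty strings and duplicates,
    so 'SSHD ' and 'sshd' compare equal and a list behaves as a set."""
    return {v.strip().lower() for v in values if v and v.strip()}


def evaluate(operator: str, collected: Iterable[str], expected: Iterable[str]) -> bool:
    """Compare X (collected during a scan) to Y (the control's expected list)."""
    x, y = normalize(collected), normalize(expected)
    if operator == "contains":          # X contains all of Y
        return y <= x
    if operator == "is_contained_in":   # every collected value is an expected one (assumed)
        return x <= y
    if operator == "matches":           # exactly the same set of values (assumed)
        return x == y
    if operator == "intersects":        # at least one value in common
        return bool(x & y)
    raise ValueError(f"unknown cardinality operator: {operator}")


# Constructed sample data points, as a scan might collect them from one host.
COLLECTED = {
    "running_services": ["sshd", "cron", "rsyslog", "telnet"],
    "sudoers_groups": ["wheel", "admin"],
    "installed_av": [],                 # nothing found: an empty data point
}

# Constructed controls: (id, data point, operator, expected values, description).
CONTROLS = [
    ("C1", "running_services", "contains", ["sshd", "rsyslog"], "required services running"),
    ("C2", "running_services", "is_contained_in", ["sshd", "cron", "rsyslog"], "no unexpected services"),
    ("C3", "sudoers_groups", "matches", ["wheel"], "only wheel may sudo"),
    ("C4", "installed_av", "intersects", ["clamav", "crowdstrike"], "some AV product present"),
]


def evaluate_controls(collected=COLLECTED, controls=CONTROLS) -> dict[str, str]:
    """Return a Passed/Failed status per control id, like a policy report row."""
    results = {}
    for cid, data_point, operator, expected, _desc in controls:
        passed = evaluate(operator, collected.get(data_point, []), expected)
        results[cid] = "Passed" if passed else "Failed"
    return results


if __name__ == "__main__":
    for cid, status in evaluate_controls().items():
        print(cid, status)
```

Note the edge case in C4: an empty collected list never intersects anything, so the control fails, whereas an empty expected list under contains passes vacuously. When authoring a control, check which of the two you actually want before choosing the operator.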
• Policy Report: includes compliance status with a specific policy.
1. Request exceptions.
2. Review exceptions.
3. Accept/Reject exceptions.
4. View exception history.
Compliance Report
Approach
• How: Classification Questionnaire, Risk Assessment questionnaires
• Who: Vendor Contact, Vendor Manager, Risk Manager
• What: Critical Assets, Processes, Business Unit, Applications, Vendors
Approach
• How: Self Assessment questionnaires
• Who: Asset Owner, Compliance/Risk Manager
• What: In-Scope Assets, Processes, Business Unit, Applications, Vendors
• Defines the questions you want to ask and the structure of your questionnaire.
• A question may include requirements for evidence, comments and attachments.
• Create a Template:
• Build from scratch—Blank Template
• Import from Qualys Template Library
• Import from XML file
• Simple – 2 Stage
• Reviewable – 3 Stage
• Full – 4 Stage
Stages
1. Recipient receives an invitation to complete the questionnaire.
2. Recipient submits answers.
3. Answers are reviewed (Reviewable and Full workflows).
4. Answers are reviewed and approved (Full workflow only).
training@qualys.com