Introducing QualysGuard Policy Compliance


QualysGuard Policy Compliance extends QualysGuard global scanning capabilities to collect OS Configuration and Application Access controls from hosts and other assets within the enterprise, and maps this information into policies to fix and document compliance with regulations and mandates.

QualysGuard Policy Compliance Benefits:

  • Combined agent-less solution for vulnerability and configuration scanning
  • Rapid global deployment with the QualysGuard Software-as-a-Service (SaaS) delivery model requiring no software to install or maintain
  • Centralized approach to policy definition and management
  • Customizable auditing capabilities for multiple regulatory initiatives and mandates including SOX, HIPAA, GLBA, Basel II and others
  • Comprehensive instructions and audit trails to review and prove compliance to auditors

For more details, please visit:

QualysGuard 6.0: Reporting Metrics for Enterprise Stakeholders


QualysGuard 6.0 enables security managers and key organization executives, including business line managers, members of the board and auditors, to get an on-demand view of IT security and compliance within the enterprise. QualysGuard 6.0 offers new metrics reporting supported by scorecards and secure, collaborative report distribution workflows, which help operations and IT staff to be efficient and communicate effectively with auditors and executive management.

QualysGuard PCI: Determine Your Compliance Gaps and Take Action to Ensure Full Compliance


The new Self-Assessment Questionnaire (SAQ) Version 1.1, issued by the Payment Card Industry (PCI) Security Standards Council (PCI SSC), is now available within QualysGuard PCI. Implementation of the new SAQ allows customers to complete all versions of the questionnaire online and e-file it securely with their acquiring banks. The SAQ is available at and consists of four unique forms to meet various business scenarios.

The SAQ is for use primarily by Level 2, 3 and 4 merchants (and some smaller service providers), as defined by the major credit-card brands — Visa Inc., MasterCard Worldwide, Discover Financial Services, American Express and JCB International — to validate compliance with the PCI Data Security Standards (PCI DSS). The PCI SSC updated SAQ version 1.0 to better align with PCI DSS version 1.1 and created four variants to ensure merchants only answer questions relevant to their environment. Each of the four variants, labeled A, B, C and D, has qualifying questions used to determine which of the four questionnaires a merchant is required to complete.

QualysGuard fully supports all four types of questionnaires, labeled A-D, including the ability to enter online comments for compensating controls, provide a remediation action plan for non-compliant sections, complete the attestation of the assessment and electronically sign the SAQ online. More details on the QualysGuard PCI implementation or SAQ 1.1 are available at: within the PCI Questionnaires chapter.