Information Security Engineer at a university with 1,001-5,000 employees
Real User
Top 10
2025-02-11T10:12:00Z
Feb 11, 2025
The solution is used for sorting out vulnerabilities that have implications on security auditing and ensuring all assets added to compliance have no vulnerabilities, at least not critical ones. I use it mainly for monitoring these assets and the vulnerabilities affecting compliance.
Before deploying any servers, they need to fulfill their compliance requirements. Each server needs to undergo compliance checks. Once all the compliance checks are completed, we can deploy them. Qualys Policy Compliance helps complete these compliance checks, which are necessary before deployment.
Qualys Policy Compliance is used to define hardening policies for different technology platforms, such as Windows member servers, Windows domain controllers, Linux flavors, and networking appliances. This is what it is used for.
We use QualysGuard Policy Compliance for VMDR (Vulnerability Management, Detection and Response). We can use the solution to detect, block, and mitigate vulnerabilities.
Policy Compliance pretty much has just one use case, and that is to compare or assess the security hardening of a typical operating system or platform or, in some cases, an application against predefined or customized security best practices. For example, if we are running Windows PCs and servers, an organization could say we are going to follow Microsoft's best practices for security configuration, including how to harden Windows computers. We would basically load the Qualys policy compliance module with those best practices and agree on the list with the customer. Then Qualys simply does the rest. It basically verifies for each individual check if it is actually in place or not.
Qualys Policy Compliance (PC) automates the collection of technical controls from information assets within the enterprise, and maps this information to policies to fix and document compliance with regulations and business mandates. It provides compliance reporting by leveraging a comprehensive knowledge-base that is mapped to prevalent security regulations, industry standards and compliance frameworks.
The solution is used for sorting out vulnerabilities that have implications on security auditing and ensuring all assets added to compliance have no vulnerabilities, at least not critical ones. I use it mainly for monitoring these assets and the vulnerabilities affecting compliance.
Before deploying any servers, they need to fulfill their compliance requirements. Each server needs to undergo compliance checks. Once all the compliance checks are completed, we can deploy them. Qualys Policy Compliance helps complete these compliance checks, which are necessary before deployment.
Qualys Policy Compliance is used to define hardening policies for different technology platforms, such as Windows member servers, Windows domain controllers, Linux flavors, and networking appliances. This is what it is used for.
We use QualysGuard Policy Compliance for VMDR (Vulnerability Management, Detection and Response). We can use the solution to detect, block, and mitigate vulnerabilities.
Policy Compliance pretty much has just one use case, and that is to compare or assess the security hardening of a typical operating system or platform or, in some cases, an application against predefined or customized security best practices. For example, if we are running Windows PCs and servers, an organization could say we are going to follow Microsoft's best practices for security configuration, including how to harden Windows computers. We would basically load the Qualys policy compliance module with those best practices and agree on the list with the customer. Then Qualys simply does the rest. It basically verifies for each individual check if it is actually in place or not.