U.S. federal agencies are required to comply with White House cybersecurity executive orders, FedRAMP requirements, CISA Binding Operational Directives, NIST guidelines and FISMA modernization mandates. Compliance may also be a requirement at the state and local levels, as well as private sector firms that do business with federal agencies.
Qualys, a provider of disruptive cloud-based IT, security and compliance solutions, released its new offering on the federal market with its GovCloud platform as well as news of its achievement of FedRAMP Ready status at the High impact level.
GovCloud is a comprehensive offering that federal agencies can use as the foundation for their cybersecurity programs. The highly scalable platform supports federal and commercial organizations cost-effectively, delivering integrated capabilities, 24/7 support and training while maintaining a high level of protection.
Qualys (News - Alert) GovCloud solutions and capabilities include cybersecurity asset management with external attack surface management, vulnerability management detection and response, configuration and policy compliance, file integrity monitoring and container security.
Cybersecurity asset management with external attack surface management identifies, discovers inventory and classifies all known and unknown assets with security context. VMDR assesses, prioritizes, and remediates vulnerabilities based on TruRisk to meet Executive Order 14028, OMB M-21-31 as well as monitor posture against NIST requirement of RA-5.
GovCloud's regulatory compliance management with policy compliance capability allows government agencies to assess configuration posture against DISA while auditing and reporting their compliance with a wide range of standards.
File integrity monitoring detects and alerts on unauthorized changes to software firmware and information to align with the NIST SI-7 requirement. With container security, continuously discover, track and secure containers from build to runtime, aligning with the key federal DevOps initiative while addressing the additional FedRAMP requirement of NIST RA-5 regarding assessing containers for vulnerability risk.
With these solutions and capabilities, GovCloud is ready to meet the stringent cybersecurity assurance requirements of FedRAMP at the High impact level. FedRAMP is a government program that promotes the adoption of secure cloud services across federal agencies. It offers a rigorous, standardized approach to security authorizations for cloud service offerings. High certification is the most stringent with 421 security and risk management controls.
“We are dedicated to providing federal agencies with a modern alternative to legacy scanners to improve their security posture as they embrace digital transformation,” said Sumedh Thakar, President and CEO of Qualys.
Edited by Alex Passett