Qualys, Inc. announced it is expanding its focus on the government sector by enhancing and operationalizing the capabilities of the Qualys Enterprise TruRisk Platform. This expansion aims to accelerate support for federal zero-trust strategies through automated asset visibility and attack surface risk management as defined by OMB M-24-04, CISA BOD 23-01 and the broader FISMA guidelines. As defined in EO 14028, federal agencies must show progress in their zero-trust implementation (OMB M-22-09).

To further help operationalize zero trust, the OMB released FY24 FISMA Guidance (M-24-04) to focus on the visibility and security of the entire attack surface, specifically on monitoring and real-time reporting on vulnerabilities and threats. The Qualys Enterprise TruRisk Platform's integrated solutions, CyberSecurity Asset Management, Vulnerability Management, Detection and Response (VMDR) and Patch Management, now seamlessly help federal agencies fast-track the implementation of zero-trust strategies with continuous compliance and posture visibility into M24-04 and FISMA's broader risk assessment and remediation requirements. With the Qualys platform, agencies get visibility and reporting for all their high-value assets, physically and virtually connected devices, including OT and IoT devices and their applications.

The Qualys Enterprise TruRisk Platform, with its unified view, allows agencies to: Clearly understand the assets and attack surface in compliance with OMB M-24-04:Qualys allows agencies to discover and inventory both the known and unknown internal and external attack surface of IT, IoT, cloud, and mobile assets across hybrid environments, along with software and applications, including open-source packages, while also identifying high-value assets. Address FISMA patching requirements per CISA BOD 23-01: In addition to discovering high-value assets, detecting, and assessing vulnerabilities and prioritizing risks according to the CISA catalog, Qualys allows patching from within the same integrated solution to minimize the risk of exploitation of federal assets. Showcase and fast-track measurable progress to zero-trust implementation: Qualys helps agencies identify and manage the entire attack surface along with integrated detection, prioritization, and remediation of vulnerability risks, allowing agencies to easily implement FISMA's foundational guidance.

Availability: The enhanced and operationalized Enterprise TruRisk Platform supporting the federal zero-trust journey is immediately available.