Qualys, Inc. announced its new GovCloud platform along with the achievement of FedRAMP Ready status at the High impact level, from the Federal Risk and Authorization Management Program (FedRAMP). Qualys GovCloud, including its integrated capabilities, is 'ready' to meet the stringent cybersecurity assurance requirements of FedRAMP at the High impact level. High certification is the most stringent with 421 security and risk management controls.

Qualys GovCloud is a comprehensive offering including - asset inventory with external attack surface visibility, vulnerability risk and remediation management and compliance management - that federal agencies can use as the foundation for their cybersecurity programs. Its integrated platform includes all the critical security and compliance solutions needed to address Executive Orders and aligns with NIST 800-53 v5 standards eliminating the need to stitch together siloed solutions. The highly scalable GovCloud platform supports federal and commercial organizations cost-effectively, delivering integrated capabilities, 24x7 support and training while maintaining the highest level of protection. Qualys GovCloud includes: Cybersecurity Asset Management with External Attack Surface Management – to identify, discover inventory and classify all known and unknown assets with security context.

The solution also syncs with your CMDB, helping address CISA BOD 23-01 and comprehensively report against the NIST 800-53 v5 requirement of CM-8. Vulnerability Management Detection and Response (VMDR) - assess, prioritize, and remediate vulnerabilities based on TruRisk to meet Executive order 14028, OMB M-21-31 as well as monitor posture against NIST requirement of RA-5. Configuration and Policy Compliance - GovCloud's Regulatory Compliance Management with Policy Compliance capability allows government agencies to assess configuration posture against DISA while auditing and reporting their compliance with a wide range of standards, including NIST 800-53/FedRAMP, NIST 800-171, NIST CSF, CMMC, CERT Resiliency, etc. File Integrity Monitoring – detects and alerts on unauthorized changes to software firmware and information to align with the NIST SI-7 requirement. Container Security - continuously discover, track, and secure containers from build to runtime, aligning with the key federal DevOps initiative while addressing the additional FedRAMP requirement of NIST RA-5 regarding assessing containers for vulnerability risk.