
2/24/2010
09:23 AM
Dark Reading
Products and Releases

Qualys Launches Cloud Computing Solution For FDCC Compliance

QualysGuard FDCC module helps federal agencies validate the configuration of their desktops according to FDCC regulations

Redwood Shores, Calif. - February 23, 2010 - Qualys, Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced its new QualysGuard FDCC module, the first certified cloud-based computing solution for FDCC compliance. The QualysGuard FDCC module, validated by the National Institute of Standards and Technology (NIST) as conforming to the Security Content Automation Protocol (SCAP) and its component standards, provides a centralized, integrated solution leveraging the QualysGuard Software-as-a-Service (SaaS) architecture, helping federal agencies validate the configuration of their desktops according to FDCC regulations.

In order to strengthen information security, Federal government agencies are required to standardize and certify their existing Windows XP and Windows Vista desktops according to FDCC specifications as mandated by the US Office of Management and Budget (OMB). Using the QualysGuard FDCC module, an agency can increase breadth of coverage while reducing cost and resource requirements to collect SCAP content and validate these systems to the FDCC requirements.

QualysGuard FDCC module enables federal IT security professionals to:

* Support SCAP content for Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, Internet Explorer 7
* Utilize FDCC checklists from Qualys' library using updated published SCAP content
* Certify compliance with FDCC requirements with detailed reports that include technical analysis of compliance and executive-level summaries
* Provide complete coverage of all agency assets allowing for a complete picture of compliance rather than a statistical sample
* Scale to scan very large, distributed and operationally diverse networks

"The FDCC initiative was a big move forward for increasing the security posture of government systems, and I expect to see it expanded beyond desktops over the next year," said John Pescatore, VP and distinguished analyst at Gartner Inc. "To make sure that FDCC leads to both more effective and more efficient security controls, the automation and interoperability facilitated by standards like SCAP are critical components for success."

"FDCC compliance is a daunting task for government agencies as it requires a thorough analysis of all Windows Vista and Windows XP environments across their entire agency," said Philippe Courtot, chairman and CEO of Qualys. "The QualysGuard FDCC module brings the scale and automation to accomplish this task efficiently and cost effectively."

Pricing and Availability

Available immediately, the QualysGuard FDCC module annual subscription for federal agencies starts at $1,995 with additional licensing per IP. For more information or to purchase the solution, please visit: http://www.qualys.com/FDCC

About Qualys

Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions, delivered as a service. Qualys' Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100, and performs more than 250 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit www.qualys.com.
