PRESS RELEASE

Redwood Shores, Calif. " February 23, 2010 - Qualys', Inc., the leading provider of on demand IT security risk and compliance management solutions, today announced its new QualysGuard FDCC module " the first certified cloud-based computing solution for FDCC compliance. The QualysGuard FDCC module, validated by the National Institute of Standards and Technology (NIST) as conforming to the Security Content Automation Protocol (SCAP) and its component standards, provides a centralized, integrated solution leveraging the QualysGuard Software-as-a-Service (SaaS) architecture helping federal agencies validate the configuration of their desktops according to FDCC regulations.

In order to strengthen information security, Federal government agencies are required to standardize and certify their existing Windows XP and Windows Vista desktops according to FDCC specifications as mandated by the US Office of Management and Budget (OMB). Using the QualysGuard FDCC module, an agency can increase breadth of coverage while reducing cost and resource requirements to collect SCAP content and validate these systems to the FDCC requirements.

QualysGuard FDCC module enables federal IT security professionals to:

* Support SCAP content for Windows XP, Windows XP Firewall, Windows Vista, Windows Vista Firewall, Internet Explorer 7 * Utilize FDCC checklists from Qualys' library using updated published SCAP content * Certify compliance with FDCC requirements with detailed reports that include technical analysis of compliance and executive-level summaries * Provide complete coverage of all agency assets allowing for a complete picture of compliance rather than a statistical sample * Scales to scan very large, distributed and operationally diverse, networks

"The FDCC initiative was a big move forward for increasing the security posture of government systems, and I expect to see it expanded beyond desktops over the next year," said John Pescatore, VP and distinguished analyst at Gartner Inc. "To make sure that FDCC leads to both more effective and more efficient security controls, the automation and interoperability facilitated by standards like SCAP are critical components for success."

"FDCC compliance is a daunting task for government agencies as it requires a thorough analysis of all Windows Vista and Windows XP environments across their entire agency," said Philippe Courtot, chairman and CEO of Qualys. ""The QualysGuard FDCC module brings the scale and automation to accomplish this task efficiently and cost effectively."

Pricing and Availability Available immediately, The QualysGuard FDCC module annual subscription for federal agencies starts at $1,995 with additional licensing per IP. For more information or to purchase the solution, please visit: http://www.qualys.com/FDCC

About Qualys Qualys, Inc. is the leading provider of on demand IT security risk and compliance management solutions " delivered as a service. Qualys' Software-as-a-Service solutions are deployed in a matter of hours anywhere in the world, providing customers an immediate and continuous view of their security and compliance postures.

The QualysGuard' service is used today by more than 4,000 organizations in 85 countries, including 42 of the Fortune Global 100 and performs more than 250 million IP audits per year. Qualys has the largest vulnerability management deployment in the world at a Fortune Global 50 company.

Qualys has established strategic agreements with leading managed service providers and consulting organizations including BT, Etisalat, Fujitsu, IBM, I(TS)2, LAC, NTT, SecureWorks, Symantec, Tata Communications and TELUS.

For more information, please visit www.qualys.com.