An in-depth view of IT policy compliance

Qualys announced the release of QualysGuard Policy Compliance 3.0, providing more comprehensive policy compliance scanning capabilities without the need to install agents.

The latest version expands support for new operating systems and adds support for scanning databases and network devices – providing customers with a full, in-depth view of IT policy compliance across all assets.

New features include:

bExpanded configuration support. New supported technologies include Active Directory 2000, 2003 and 2008, AIX 6.x. CentOS 4.x and 5.x, Oracle Enterprise Linux 4 and 5, HPUX 11i.v3, Windows 7, and Cisco IOS 12.x and 15.x. Total number of configuration checks as of February 11, 2011 is 6,922 across 34 technologies.
• File integrity checks. Users can verify the integrity of files through agent-less, authenticated scans. New advanced scanning allows Windows and Unix file hashes to be calculated and compared scan to scan to verify the integrity of critical files.
• Support for benchmarks and security checklists. The importable policy library currently supports the following Center for Internet Security (CIS) benchmarks: Windows XP Professional v2.0.1, Windows 2000 Level 1 v1.2.2, Windows 2000 Server Level 2 v2.2.1, and Windows 2003 Member Server v2.0.0; Federal Desktop Core Configuration (FDCC) security checklists: Windows XP v1.2, Windows XP Firewall v1.2, Windows Vista v1.2, Windows Vista Firewall v1.2, and Internet Explorer 7 v1.2; and United States Government Configuration Baseline (USGCB) security checklists: Windows 7 v1.0, Windows 7 Firewall v1.0, and Internet Explorer 8 v1.0.
• Use of dissolvable agents. The QualysGuard scanning engine can use a dissolvable agent – an application used by the scanning engine to access certain data on target hosts that cannot be accessed remotely – for remote authenticated scanning. The agent is created on demand as needed and removes itself completely when it’s done collecting data, enabling secure, trusted, authenticated scans remotely.
• Password auditing checks. New advanced scanning capabilities using the dissolvable agent check the actual password of users, not just the rules governing the passwords. QualysGuard Policy Compliance 3.0 can validate password rules including empty password, password matches user name, and password matches an entry in the custom password dictionary.
• User-defined controls. In addition to published content, the solution supports user-defined content for Windows and Unix. This capability allows customers to expand content for additional or custom configuration settings stored in the registry or files.
• New trend reports. Executive and technical reports include up to 90 days worth of trending data, including number of hosts scanned, number of controls in the policy, and compliance pass/fail results.
• Integrations with leading GRC solutions. QualysGuard Policy Compliance 3.0 is now integrated with leading GRC solutions including RSA Archer and Rsam. These integrations help customers leverage their GRC investments by automating the collection of technical controls through agentless scanning.
• Integrations with credential management systems. To continue to improve privileged scanning, QualysGuard Policy Compliance 3.0 supports integrations with Cyber-Ark for storing privileged credentials in a password vault and PowerBroker for providing better control and logging of escalated privileges.