Policy Audit Onboarding

Onboarding is the process through which Qualys sets up the necessary configurations for you to perform compliance scans to assess the compliance status of your assets. This reduces the effort and time required to set up, configure, and start using PA for compliance assessment.

This feature is available by default only to new customers.

Key Highlights

  • Choose your compliance framework from a wide array of industry standards tailored to your business needs.

  • Activate your assets for Policy Audit automatically.

  • Automatically import required policies, launch scans, and build insightful dashboards.

Prerequisites

The following prerequisites must be met to use the Policy Audit application.

  • Qualys Vulnerability Management must be available in your subscription and at least one VM scan (agent scan) should have been completed.

  • Qualys Cloud Agent (for VM and PA) must be available in your subscription.

Onboarding Workflow

Navigate to the Home page and then perform the following three simple steps:


Step 1: Select Frameworks

Frameworks or Mandates are regulatory or good practice standards and compliance frameworks designed by government organizations. You can choose from various industry standards that fit your business needs to create your compliance framework. Select the frameworks you want to follow.

Step 2: Select Technologies

Choose the technologies to assess in order to evaluate the compliance posture of your assets. The Select Technologies page displays the list of technologies and Cloud Agents identified by your VM scan.

We provide you with two ways to quickly get started:

  • Auto-enable PA

  • Manually enable PA for the agents
    Activate PA for the specific Cloud Agents and select technologies detected by these Cloud Agents.

Step 3: Set Priority of Benchmarks

Drag and drop the benchmarks, such as CIS, DISA, Vendor, or Qualys, to set their priority. This lets the system know the recommended order for importing policies tailored to your business requirements.

Automated Processes Initiated After Onboarding

Once the onboarding is initiated, the following activities happen automatically:

  • Cloud Agents are activated for Policy Audit.

  • Required policies are automatically imported for the compliance assessment. 

  • Based on the selected technologies, the appropriate asset tags are created and assigned to the respective policies and Cloud Agents.

  • The compliance scan is performed based on these imported policies.

  • A default compliance dashboard is created to visualize the compliance posture. The dashboard provides a summary of your overall compliance status. It displays the compliance posture of the organization in terms of the underlying security baseline against selected frameworks.
    Later, you can add or remove the frameworks or mandates added during onboarding that are displayed on the default compliance dashboard by using the Framework Display Preference policy setup option. For more information, refer to the Policies Setup help topic.