Import Compliance Policy from Library

You can import policies directly to your account from our Compliance Policy Library.

What types of policies are available?

The library includes policies based on popular compliance frameworks, such as SOX, HIPAA, and CoBIT.

Import a Policy from Library

Go to Policies > New > Policy > Import from Library.

Click the policy you want and then click Next. Follow the wizard to give your policy a name and choose whether the policy should be locked or unlocked after import.

Locked policies 

Our library includes locked policies for testing compliance against specific CIS benchmarks. These policies have been reviewed and certified by CIS (the Center for Internet Security). When a policy is locked, you can add hosts to the policy but you can't make any other edits.

During the import, you get the option to import the locked policy as unlocked. This lets you remove the editing restrictions.

Edit the Imported Policy

You can edit the policy to change the assigned asset groups. If the policy is unlocked, you can also change the title, technologies, controls, etc. If the policy is locked, no other changes are allowed. You can, however, save a copy of any locked policy with a new name and edit it as needed.

New Policy Version

When there is a newer version of a policy available, the new version will be added to the Policy Audit Library and the old version will be removed from the Library. You can view that each policy has a version number. Go to PA > Policies > New > Policy > Import from Library, select the policy version you are interested in, and click Next to import it to your account. You can decide whether to delete old policy versions from your account or keep them.

How do you know when there is a new policy version available?

We announce Policy Audit Library Updates at notifications.qualys.com on a regular basis. Follow Qualys notifications to get these updates.

View Change Log for a Policy

To view the Change Log for a policy, navigate to:

  1. Policies > New > Policy > Import from Library.
    In the Policy Editor window, the Create a New Policy window is displayed.
  2. In the Create a New Policy window, select a Label and Technology.
    The associated policies are displayed. For every policy, the Change Log option is displayed.
  3. Select Change Log.
    The Policy Change Log window is displayed. 

    Change log window.

    This displays the number of revisions made to the policy and the dates on which they occurred, with the latest revision shown first. Release versions are also updated whenever changes are made to the library policy.

    To view the changes that have been performed on the Policy for a version, select VIEW.
    The Change window is displayed with all the changes that have been performed.

    Change log details displayed in the Change window.

If no change is done to a policy, on selecting VIEW, the No change log data available message is displayed.

Not Able to View the Policy

You can also import a compliance policy from an XML file. Learn more about Import Compliance Policy from XML.

 

© 2026 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: April, 2026