Controls
The Qualys Detection Score (QDS) is an opt-in feature. If it is enabled for your account, it affects the calculation of the TruRisk score: when QDS is active, the TruRisk score is computed by factoring in the QDS metrics. For more information, contact your Technical Account Manager (TAM) or Qualys support.
To navigate to QDS using the Controls tab, refer to the following steps:
- Select the Posture tab.
The Posture tab with the Controls option selected is displayed.
- In the list of displayed controls, in the QDS column, select the score for which you want more details.
The Posture Details page is displayed.
In the left pane, the QDS Details tab is selected by default. On this page, the user can view the following:
- QDS Score
- Level of QDS Score (Critical, High, Medium, or Low)
- Contributing factors such as MITRE ATT&CK details and Associated Baseline details
Understanding QDS
QDS is a critical metric used to assess the compliance posture of an organization. QDS ranges from 1 to 100 and is divided into the following four severity levels:
- Critical (Range: 90 – 100)
- High (Range: 70 – 89)
- Medium (Range: 40 – 69)
- Low (Range: 1 – 39)
QDS is derived from the following factors:
- Criticality – Importance of the control or configuration and its impact on compliance.
- Policies – Specific security standards or benchmarks such as CIS, DISA, and STIGs and predefined configurations are considered for evaluating compliance.
- MITRE Mapping – Misconfigurations are linked to MITRE ATT&CK techniques to prioritize remediation efforts based on practical attack tactics.
- Best Practice Controls for Malware and Ransomware Prevention – Industry-recommended configurations that help mitigate misconfigurations proactively are considered.
QDS Range
The following table lists the QDS range along with its description:
QDS Range | Severity | Description |
---|---|---|
90-100 | Critical | Misconfigurations with severe compliance gaps leading to immediate threats. |
70-89 | High | Misconfigurations with significant gaps that require prompt remediation to maintain compliance. |
40-69 | Medium | Moderate misconfigurations wherein remediation is advisable to improve compliance. |
1-39 | Low | Minor misconfigurations with negligible compliance impact. |
It is recommended to prioritize controls with a QDS of 70 or higher to address critical and high-risk misconfigurations.