Start Scanning for SCAP Compliance

Scan your systems for SCAP compliance.

A few things to consider...

Have you thought about which hosts you want to scan and which options you want to use? We can help you sort this out quickly - review the basics for some ideas.

Scanning - The Basics

Got your policies ready?

Add SCAP policies to test againstAdd SCAP policies to test against

You need a SCAP policy to evaluate hosts for SCAP compliance. Each time you launch a SCAP scan you'll select a policy that you want to test against. We recommend you add one or more policies now.

How do I add a policy? You can import a policy from our library, or create your own. Go to Policies > New. Learn more

I am ready to start my scan. What are the steps?

It is simple to start your scan. Go to Scans > SCAP Scans > New > Scan (or Schedule Scan), and tell us:

  1. IPs to scan
  2. Scan options to use
  3. SCAP policy to test against
  4. Which scanner appliance is right for the job. Ensure it is enabled for SCAP scanning

Choosing an option profileChoosing an option profile

A compliance option profile is a set of scan configuration settings used for compliance scans. We recommend you select the profile Initial PC Options to get started. By creating your own profile, you can fine tune settings.

Choosing a scanner appliance

Help with scheduling

I started my scan. What is next?

Check out your scan resultsCheck out your scan results

How do I know when the scan is done? You are able to know when the scan status shows Finished. At this time you can select View from the Quick Actions menu to see the full results in an HTML report. If you have notifications turned on you get an email.

When can I run reports? We merge (process) your scan results into your account. Watch for the solid green circle Scan Finished, Results Processed Icon to know the results are processed. Then you are ready to create reports based on the most recent scan findings.

Learn more about scan results

Verify that authentication workedVerify that authentication worked

Information about whether hosts passed or failed authentication appears in your scan results. Look at the Report Summary and the Appendix. You can also run the Authentication Report. Learn more

Stay in sync with your scan calendar

Access your scan calendar anywhere, anytime. Learn more

Quick Links

Manage your scans

Set up host authentication

Configure scan settings

SCAP Policies

Resources

Best Practices for Scanning

You can exclude a host from ALL scans in one step. Add the IP to the global exclude list under Scans > Setup.

 

© 2025 Qualys, Inc. All rights reserved. Privacy Policy. Last updated: September, 2025