Tell me about STIG Based Reports

Launch the (Security Technical Implementation Guides) STIG Based Report to view the compliance and security posture of the organization in terms of the Defense Information Systems Agency (DISA). This report helps you to view control posture as per the Rule IDs or Vuln IDs provided in the DISA security technical implementation guides.

Choose a DISA STIG policy to assess controls and get a view of compliance posture against the selected policies. .

Choose Assets, Asset Groups, Asset tags, IPs, etc  to draw data from for the report.

Tell me more about:

Managing Assets

Using Asset Tags

You'll need to make these selections:

Email notificationsEmail notifications

You can choose to send an email notification when a new report is available by choosing distribution groups, including users with Qualys accounts and those who do not have accounts.

Will the report be included? This depends on whether you've selected this in your settings under Reports > Setup > Scheduled Reporting.

Time zone selectionTime zone selection

Choose your local time zone (GMT shift and location) and if your time zone observes DST, the "Auto adjust during Daylight Saving Time" option is selected by default. We'll automatically adjust the start time for your scheduled report during time changes. This option is disabled for locations that never observe DST like Arizona and Hawaii. 

Don't see the scheduling settings?Don't see the scheduling settings?

Your subscription must have the Scheduled Reporting feature enabled. Please contact support or your account manager if you would like to enable this feature. Also a Manager must opt in to the New Data Security Model by going to Users > Setup > Security.


Looking for more information?

STIG Based Templates