With this API, you can export compliance policies in JSON format.
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
| policyId={value} | Required | Integer | The ID of the policy you want to export. |
| policyTitle={value} | Required | String |
The title of the policy you want to export. When using the GET method with the parameter policyTitle, it is essential to encode the title appropriately for URL compatibility. |
Users can enter either the policyId or the policyTitle. Providing both fields is not mandatory.
API Request
curl -X 'GET'
\ '<qualys_base_url>/pcas/v3/policy?policyId=<PolicyID>'
\ -H 'accept: application/json'
\ -H 'Authorization: Bearer <Auth Token>'XML Output
{
"policyId": 5656121,
"policyTitle": "Documentation_Policy",
"exported": "20-06-2024 06:05:25",
"coverPage": "CoverPage-PC-24431",
"isActive": true,
"isLocked": false,
"technologies": [
{
"technologyId": 18,
"technologyName": "Windows Vista"
}
],
"sections": [
{
"sectionNumber": 1,
"sectionHeading": "Section-1",
"controls": [
{
"controlId": 1072,
"sectionNumber": 1,
"controlNumber": 1,
"statement": "Status of the 'Minimum Password Age' setting",
"criticality": "CRITICAL",
"isControlDisable": false,
"referenceText": "Control 1072",
"technologies": [
{
"technologyId": 18,
"technologyName": "Windows Vista",
"evaluate": {
"dp": {
"k": "win.auth.passwords.minage",
"v": [
"1"
],
"description": "The following Integer value <B>X</B>
indicates the current status of the <B>'Minimum Password Age' (min_pass_age)</B> within the <B>Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password age</B>setting for local accounts.",
"fv": [
{
"value": "161803399999999",
"set": "0",
"description": "Attribute not found"
}
],
"op": "eq"
}
},
"remediation": "To establish the recommended configuration
via GP, set the following UI path to 1 or more day(s): Computer
Configuration\\Policies\\Windows Settings\\Security Settings\\Account
Policies\\Password Policy\\Minimum password age",
"rational": "Among the characteristics that make 'user
identification' via password a workable security solution is setting a
'minimum password age.' Without this minimum age requirement, any user(s)
who wish to re-use the same password can merely cycle through a number of
previously used passwords until returning to the preferred one (this is
determined by the 'Password History' setting). While no specific 'minimum
password age' can guarantee password security, one (1) day is generally
considered to be the shortest length of time permissible, along with
requiring other password security factors, such as increasing the
variability of the symbol set-space by requiring mixed-cases, special
characters, further increases the difficulty of breaking any password
using brute-force methods. Consider implementing this control for all
account passwords in conjunction with CID 1318 (Password History) and CID
1071 (Minimum Password Length) and CID 1073 (Maximum Password Age)."
}
]
}
]
}
]
}API Request
curl -X 'GET' \ '<qualys_base_url>/pcas/v3/policy?policyTitle=<PolicyTitle>'
\ -H 'accept: application/json'
\ -H 'Authorization: Bearer<Auth Token>'XML Output
{
"policyId": 5656121,
"policyTitle": "Documentation_Policy",
"exported": "20-06-2024 06:07:13",
"coverPage": "CoverPage-PC-24431",
"isActive": true,
"isLocked": false,
"technologies": [
{
"technologyId": 18,
"technologyName": "Windows Vista"
}
],
"sections": [
{
"sectionNumber": 1,
"sectionHeading": "Section-1",
"controls": [
{
"controlId": 1072,
"sectionNumber": 1,
"controlNumber": 1,
"statement": "Status of the 'Minimum Password Age' setting",
"criticality": "CRITICAL",
"isControlDisable": false,
"referenceText": "Control 1072",
"technologies": [
{
"technologyId": 18,
"technologyName": "Windows Vista",
"evaluate": {
"dp": {
"k": "win.auth.passwords.minage",
"v": [
"1"
],
"description": "The following Integer value <B>X</B> indicates the current status of the
<B>'Minimum Password Age' (min_pass_age)</B> within the <B>Computer Configuration\\Windows
Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password age</B>setting for local accounts.",
"fv": [
{
"value": "161803399999999",
"set": "0",
"description": "Attribute not found"
}
],
"op": "eq"
}
},
"remediation": "To establish the recommended configuration via GP, set the following UI path to 1 or more day(s): Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\Minimum password age", "rational": "Among the characteristics that make 'user identification' via password a workable security solution is setting a 'minimum password age.' Without this minimum age requirement, any user(s) who wish to re-use the same password can merely cycle through a number of previously used passwords until returning to the preferred one (this is determined by the 'Password History' setting). While no specific 'minimum password age' can guarantee password security, one (1) day is generally
considered to be the shortest length of time permissible, along with requiring other password security factors, such as increasing the variability of the symbol set-space by requiring mixed-cases, special characters, further increases the difficulty of breaking any password
using brute-force methods. Consider implementing this control for all account passwords in conjunction with CID 1318 (Password History) and CID 1071 (Minimum Password Length) and CID 1073 (Maximum Password Age)."
}
]
}
]
}
]
}
The response does not show the latest updated control definitions, instead it displays true or false in the controlDefinitionUpdateAvailable field.
API Request
curl -X 'GET' '<qualys_base_url>/pcas/v3/policy?policyId=<PolicyId>' -H 'accept: application/json' -H 'Authorization: Bearer <Bearer Token>'JSON Response
{
"policyId": <PolicyID>,
"policyTitle": "test",
"exported": "26-03-2026 07:41:42",
"isActive": true,
"isLocked": false,
"technologies": [
{
"technologyId": 45,
"technologyName": "Red Hat Enterprise Linux 6.x"
},
{
"technologyId": 80,
"technologyName": "CentOS 7.x"
},
{
"technologyId": 81,
"technologyName": "Red Hat Enterprise Linux 7.x"
},
{
"technologyId": 217,
"technologyName": "Red Hat Enterprise Linux 8.x"
},
{
"technologyId": 261,
"technologyName": "Ubuntu 20.x"
},
{
"technologyId": 372,
"technologyName": "Red Hat Enterprise Linux 9.x"
}
],
"sections": [
{
"sectionNumber": 1,
"sectionHeading": "Untitled",
"controls":
[
{
"controlId": 1071,
"sectionNumber": 1,
"controlNumber": 1,
"statement": "Status of the 'Minimum Password Length' setting",
"criticality": "URGENT",
"isControlDisable": false,
"technologies": [
{
"technologyId": 45,
"technologyName": "Red Hat Enterprise Linux 6.x",
"evaluate": {
"dp": {
"k": "rh06.secman.system.logindefs-min-password-length",
"v": [
"0"
],
"l": 0,
"description": "The following Integer value <b>X</b> indicates the current value of the <b>PASS_MIN_LEN</b> setting as defined within the <b>/etc/login.defs</b> file.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "1",
"description": "Setting not found"
},
{
"value": "314159265358979",
"set": "1",
"description": "File not found"
}
]
}
},
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"controlDefinitionUpdateAvailable": false
},
{
"technologyId": 372,
"technologyName": "Red Hat Enterprise Linux 9.x",
"evaluate": {
"dp": {
"k": "rh06.secman.system.logindefs-min-password-length",
"v": [
"0"
],
"l": 0,
"description": "The following Integer value <b>X</b> indicates the current value of the <b>PASS_MIN_LEN</b> setting as defined within the <b>/etc/login.defs</b> file.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "1",
"description": "Setting not found"
},
{
"value": "314159265358979",
"set": "1",
"description": "File not found"
}
]
}
},
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"controlDefinitionUpdateAvailable": false
},
{
"technologyId": 80,
"technologyName": "CentOS 7.x",
"evaluate": {
"dp": {
"k": "rh06.secman.system.logindefs-min-password-length",
"v": [
"0"
],
"l": 0,
"description": "The following Integer value <b>X</b> indicates the current value of the <b>PASS_MIN_LEN</b> setting as defined within the <b>/etc/login.defs</b> file.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "1",
"description": "Setting not found"
},
{
"value": "314159265358979",
"set": "1",
"description": "File not found"
}
]
}
},
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"controlDefinitionUpdateAvailable": true
},
{
"technologyId": 81,
"technologyName": "Red Hat Enterprise Linux 7.x",
"evaluate": {
"dp": {
"k": "rh06.secman.system.logindefs-min-password-length",
"v": [
"0"
],
"l": 0,
"description": "The following Integer value <b>X</b> indicates the current value of the <b>PASS_MIN_LEN</b> setting as defined within the <b>/etc/login.defs</b> file.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "1",
"description": "Setting not found"
},
{
"value": "314159265358979",
"set": "1",
"description": "File not found"
}
]
}
},
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"controlDefinitionUpdateAvailable": false
},
{
"technologyId": 217,
"technologyName": "Red Hat Enterprise Linux 8.x",
"evaluate": {
"dp": {
"k": "rh06.secman.system.logindefs-min-password-length",
"v": [
"0"
],
"l": 0,
"description": "The following Integer value <b>X</b> indicates the current value of the <b>PASS_MIN_LEN</b> setting as defined within the <b>/etc/login.defs</b> file.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "1",
"description": "Setting not found"
},
{
"value": "314159265358979",
"set": "1",
"description": "File not found"
}
]
}
},
"remediation": "To specify password length requirements for new accounts, edit the file \"/etc/login.defs\" and add or correct the following lines: \n\nPASS_MIN_LEN <required value>\n\nexample:\n\nPASS_MIN_LEN 14\n\n\nNote:\nThe DoD requirement is \"14\". If a program consults \"/etc/login.defs\" and also another PAM module (such as \"pam_cracklib\") during a password change operation, then the most restrictive must be satisfied.",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"controlDefinitionUpdateAvailable": false
},
{
"technologyId": 261,
"technologyName": "Ubuntu 20.x",
"evaluate": {
"dp": {
"k": "deb00.auth.useraccount.password-length",
"v": [
"1"
],
"l": 0,
"description": "This Integer value <b>X</b> indicates the current status of the <b>PASS_MIN_LEN</b> setting as defined within the <b>/etc/login.defs</b> file.",
"op": "ge",
"fv": [
{
"value": "161803399999999",
"set": "1",
"description": "Setting not found"
},
{
"value": "314159265358979",
"set": "1",
"description": "File not found"
}
]
}
},
"remediation": "Configure this setting as per the business requirements or the organization's security policy.",
"rationale": "Among the several characteristics that make 'user identification' via password a secure and workable solution is setting a 'minimum password length' requirement. Each character that is added to the password length squares the difficulty of breaking the password via 'brute force,' which attempts using every combination possible within the password symbol set-space, in order to discover a user's password. While no 'minimum length' can be guaranteed secure, eight (8) is commonly considered to be the minimum for most application access, along with requiring other password security factors, such as increasing the size of the symbol set-space by requiring mixed-cases, along with other forms of password variability creation, increases the difficulty of breaking any password by brute-force attack.",
"controlDefinitionUpdateAvailable": false
}
]
},
]
}
]
}