For API version information, refer to the API Version History section.
View a list of compliance policies visible to the user. By default, the compliance policy list output shows all compliance policies in the subscription. Optional input parameters allow you to set filters to restrict the policy list output to policies with certain compliance policy IDs.
A maximum of 1,000 compliance policy records can be processed per request. If the requested list identifies more than 1,000 policies, then the XML output includes the <WARNING> element and instructions for making another request for the next batch of policy records.
| Parameter | Required/Optional | Data Type | Description |
|---|---|---|---|
| action=list | Required | String | Specify action to list all the policies. |
| echo_request={0\|1} | Optional | Integer | Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
| details={Basic\|All\|None} | Optional | Boolean | Show the requested amount of host information for each host. A valid value is: Basic - (default) includes all policy details except technology list for each control, IP list for each asset group, and a user list; All - includes all policy details; None - includes policy ID and title. |
| ids={value} | Optional | Integer | Show only certain policy IDs/ranges. One or more policy IDs/ranges may be specified. Valid host IDs are required. Multiple entries are comma separated. A policy ID range is specified with a hyphen (for example, 160-165). |
| id_min={value} | Optional | Integer | Show only policies which have a minimum policy ID value. A valid policy ID is required. |
| id_max={value} | Optional | Integer | Show only policies which have a maximum policy ID value. A valid policy ID is required. |
| updated_after_datetime={value} | Optional | Integer | Show only controls updated after a certain date/time. See Date Filters. |
| created_after_datetime={value} | Optional | Integer | Show only controls created after a certain date/time. See Date Filters. |
The date/time is specified in YYYY-MM-DD[THH:MM:SSZ] format (UTC/GMT), like “2010-03-01” or “2010-03-01T23:12:00Z”.
If you specify a date but no time, for example 2010-03-01, then the service automatically sets the time to 2010-03-01T00:00:00Z (the start of the day).
When date filters are specified using both input parameters for a single API request, both date filters are satisfied (ANDed).
API Request
https://<qualys_base_url>/api/2.0/fo/compliance/policy/?action=list&details=All
XML Output
<!DOCTYPE POLICY_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/2.0/fo/compliance/policy/policy_list_output.dtd">
<POLICY_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2016-11-03T21:15:29Z</DATETIME>
<POLICY_LIST>
<POLICY>
<ID>18948</ID>
<TITLE><![CDATA[XP policy]]></TITLE>
<CREATED>
<DATETIME>2016-10-19T18:37:15Z</DATETIME>
<BY>quays_as</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2016-10-26T23:31:57Z</DATETIME>
<BY>quays_as</BY>
</LAST_MODIFIED>
<LAST_EVALUATED>
<DATETIME>2016-11-03T08:40:44Z</DATETIME>
</LAST_EVALUATED>
<STATUS><![CDATA[active]]></STATUS>
<IS_LOCKED>0</IS_LOCKED>
<EVALUATE_NOW><![CDATA[yes]]></EVALUATE_NOW>
<ASSET_GROUP_IDS>6065</ASSET_GROUP_IDS>
<TAG_SET_INCLUDE>
<TAG_ID>7588415</TAG_ID>
</TAG_SET_INCLUDE>
<TAG_INCLUDE_SELECTOR>ANY</TAG_INCLUDE_SELECTOR>
<INCLUDE_AGENT_IPS>1</INCLUDE_AGENT_IPS>
<CONTROL_LIST>
<CONTROL>
<ID>1045</ID>
<STATEMENT><![CDATA[Status of the 'Clipbook' service (startup type)]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[SERIOUS]]></LABEL>
<VALUE>3</VALUE>
</CRITICALITY>
</CONTROL>
<CONTROL>
<ID>1048</ID>
<STATEMENT><![CDATA[Status of the 'Shutdown: Clear virtual memory pagefile' setting]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[CRITICAL]]></LABEL>
<VALUE>4</VALUE>
</CRITICALITY>
</CONTROL>
</CONTROL_LIST>
</POLICY>
</POLICY_LIST>
<GLOSSARY>
<ASSET_GROUP_LIST>
<ASSET_GROUP>
<ID>6065</ID>
<TITLE><![CDATA[Windows XP]]></TITLE>
</ASSET_GROUP>
</ASSET_GROUP_LIST>
<ASSET_TAG_LIST>
<TAG>
<TAG_ID>7588415</TAG_ID>
<TAG_NAME>windows XP</TAG_NAME>
</TAG>
</ASSET_TAG_LIST>
</GLOSSARY>
</RESPONSE>
</POLICY_LIST_OUTPUT>
<platform API server>/api/2.0/fo/compliance/policy/policy_list_output.dtd
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "username:Password#" -d "action=list&details=Basic&ids=5744989" "https://<qualys_base_url>/api/3.0/fo/compliance/policy/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/3.0/fo/compliance/policy/policy_list_output.dtd">
<POLICY_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-06-30T06:26:19Z</DATETIME>
<POLICY_LIST>
<POLICY>
<ID>5744989</ID>
<TITLE>
<![CDATA[One UDC]]>
</TITLE>
<CREATED>
<DATETIME>2025-06-25T15:04:04Z</DATETIME>
<BY>ctxta</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2025-06-27T11:57:34Z</DATETIME>
<BY>ctxta</BY>
</LAST_MODIFIED>
<LAST_EVALUATED>
<DATETIME>2025-06-30T06:01:44Z</DATETIME>
</LAST_EVALUATED>
<STATUS>
<![CDATA[active]]>
</STATUS>
<IS_LOCKED>0</IS_LOCKED>
<EVALUATE_NOW>
<![CDATA[yes]]>
</EVALUATE_NOW>
<ASSET_GROUP_IDS>10898081,10919108,10926154,10996581,11000130,11000163-11000164,11024194,11035730,11072689,11076105,11080595,11080756,11081917,11111120</ASSET_GROUP_IDS>
<CONTROL_LIST>
<CONTROL>
<ID>1071</ID>
<STATEMENT>
<![CDATA[Status of the 'Minimum Password Length' setting]]>
</STATEMENT>
<CRITICALITY>
<LABEL>
<![CDATA[URGENT]]>
</LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS>
<![CDATA[Active]]>
</STATUS>
</CONTROL>
<CONTROL>
<ID>100000</ID>
<STATEMENT>
<![CDATA[CitiJSONUDC2]]>
</STATEMENT>
<CRITICALITY>
<LABEL>
<![CDATA[URGENT]]>
</LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS>
<![CDATA[Active]]>
</STATUS>
</CONTROL>
</CONTROL_LIST>
</POLICY>
</POLICY_LIST>
<GLOSSARY>
<ASSET_GROUP_LIST>
<ASSET_GROUP>
<ID>10898081</ID>
<TITLE>
<![CDATA[IBMDB2]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>10919108</ID>
<TITLE>
<![CDATA[Inflobox AG]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>10926154</ID>
<TITLE>
<![CDATA[ip agent merge case]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11081917</ID>
<TITLE>
<![CDATA[pyscand ag3]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11111120</ID>
<TITLE>
<![CDATA[Windows AG nEw]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>10996581</ID>
<TITLE>
<![CDATA[dtest AG]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11000130</ID>
<TITLE>
<![CDATA[Windows AG]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11000163</ID>
<TITLE>
<![CDATA[Vcenter]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11000164</ID>
<TITLE>
<![CDATA[VMagentPCIP]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11024194</ID>
<TITLE>
<![CDATA[PC Only Ip]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11035730</ID>
<TITLE>
<![CDATA[1.1.1.1]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11072689</ID>
<TITLE>
<![CDATA[red hat 8]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11076105</ID>
<TITLE>
<![CDATA[pyscand ag2]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11080595</ID>
<TITLE>
<![CDATA[windows and unix agent ip]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
<ASSET_GROUP>
<ID>11080756</ID>
<TITLE>
<![CDATA[RDS]]>
</TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
</ASSET_GROUP_LIST>
</GLOSSARY>
</RESPONSE>
</POLICY_LIST_OUTPUT>
<platform API server>/api/3.0/fo/compliance/policy/policy_list_output.dtd
API Request
curl -s -S -H 'X-Requested-With:curl demo2' -u "username:password@" -d "action=list&details=Basic&ids=1538419" "https://<qualys_base_url>/api/4.0/fo/compliance/policy/"
XML Output
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_LIST_OUTPUT SYSTEM "https://<qualys_base_url>/api/4.0/fo/compliance/policy/policy_list_output.dtd">
<POLICY_LIST_OUTPUT>
<RESPONSE>
<DATETIME>2025-07-11T10:13:20Z</DATETIME>
<POLICY_LIST>
<POLICY>
<ID>1538419</ID>
<TITLE><![CDATA[PC-33757]]></TITLE>
<CREATED>
<DATETIME>2025-07-07T05:40:23Z</DATETIME>
<BY>quays_ca7</BY>
</CREATED>
<LAST_MODIFIED>
<DATETIME>2025-07-10T07:05:28Z</DATETIME>
<BY>quays_ca7</BY>
</LAST_MODIFIED>
<LAST_EVALUATED>
<DATETIME>2025-07-10T07:06:34Z</DATETIME>
</LAST_EVALUATED>
<STATUS><![CDATA[active]]></STATUS>
<IS_LOCKED>0</IS_LOCKED>
<EVALUATE_NOW><![CDATA[yes]]></EVALUATE_NOW>
<ASSET_GROUP_IDS>54114745</ASSET_GROUP_IDS>
<CONTROL_LIST>
<CONTROL>
<ID>1071</ID>
<STATEMENT><![CDATA[Status of the 'Minimum Password Length' setting]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS><![CDATA[Active]]></STATUS>
</CONTROL>
<CONTROL>
<ID>1073</ID>
<STATEMENT><![CDATA[Status of the 'Maximum Password Age' setting (expiration) / Accounts having the 'password never expires' flag set]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS><![CDATA[Inactive]]></STATUS>
</CONTROL>
<CONTROL>
<ID>100017</ID>
<STATEMENT><![CDATA[File Directory Existence_Manager]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS><![CDATA[Inactive]]></STATUS>
</CONTROL>
<CONTROL>
<ID>100018</ID>
<STATEMENT><![CDATA[File/Directory Permission-Manager]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS><![CDATA[Active]]></STATUS>
</CONTROL>
<CONTROL>
<ID>100021</ID>
<STATEMENT><![CDATA[Unix Directory Search Check-Manager]]></STATEMENT>
<CRITICALITY>
<LABEL><![CDATA[URGENT]]></LABEL>
<VALUE>5</VALUE>
</CRITICALITY>
<STATUS><![CDATA[Active]]></STATUS>
</CONTROL>
</CONTROL_LIST>
</POLICY>
</POLICY_LIST>
<GLOSSARY>
<ASSET_GROUP_LIST>
<ASSET_GROUP>
<ID>54114745</ID>
<TITLE><![CDATA[10.11.70.160]]></TITLE>
<NETWORK_ID>0</NETWORK_ID>
</ASSET_GROUP>
</ASSET_GROUP_LIST>
</GLOSSARY>
</RESPONSE>
</POLICY_LIST_OUTPUT>
<platform API server>/api/4.0/fo/compliance/policy/policy_list_output.dtd
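The following Python is an added example, not Qualys code: it parses a POLICY_LIST_OUTPUT response, expands the comma/hyphen ranges in ASSET_GROUP_IDS, resolves them against the GLOSSARY, lists inactive controls, and reports whether a <WARNING> element signals a truncated list. The function names `expand_ids` and `parse_policy_list`, the sample XML, and the DTD host are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the outputs above; the DTD host is a placeholder.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE POLICY_LIST_OUTPUT SYSTEM "https://qualys.example/policy_list_output.dtd">
<POLICY_LIST_OUTPUT><RESPONSE><POLICY_LIST><POLICY>
<ID>5744989</ID><TITLE><![CDATA[One UDC]]></TITLE>
<ASSET_GROUP_IDS>10898081,11000163-11000164</ASSET_GROUP_IDS>
<CONTROL_LIST>
<CONTROL><ID>1071</ID><CRITICALITY><VALUE>5</VALUE></CRITICALITY>
<STATUS><![CDATA[Active]]></STATUS></CONTROL>
<CONTROL><ID>1073</ID><CRITICALITY><VALUE>5</VALUE></CRITICALITY>
<STATUS><![CDATA[Inactive]]></STATUS></CONTROL>
</CONTROL_LIST></POLICY></POLICY_LIST>
<GLOSSARY><ASSET_GROUP_LIST>
<ASSET_GROUP><ID>10898081</ID><TITLE><![CDATA[IBMDB2]]></TITLE></ASSET_GROUP>
<ASSET_GROUP><ID>11000163</ID><TITLE><![CDATA[Vcenter]]></TITLE></ASSET_GROUP>
</ASSET_GROUP_LIST></GLOSSARY>
</RESPONSE></POLICY_LIST_OUTPUT>"""


def expand_ids(spec):
    # Expand an ID list such as "160-165,170" into individual integers.
    ids = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ids.extend(range(int(lo), int(hi or lo) + 1))
    return ids


def parse_policy_list(xml_text):
    # ElementTree reads the DOCTYPE line but never fetches the external DTD.
    root = ET.fromstring(xml_text)
    names = {int(g.findtext("ID")): (g.findtext("TITLE") or "").strip()
             for g in root.iter("ASSET_GROUP")}
    policies = []
    for p in root.iter("POLICY"):
        groups = expand_ids(p.findtext("ASSET_GROUP_IDS") or "")
        policies.append({
            "id": int(p.findtext("ID")),
            "title": (p.findtext("TITLE") or "").strip(),
            "asset_groups": {g: names.get(g) for g in groups},
            "inactive_controls": [
                int(c.findtext("ID")) for c in p.iter("CONTROL")
                if (c.findtext("STATUS") or "").strip().lower() == "inactive"],
        })
    # A <WARNING> element means the 1,000-record limit truncated the list.
    truncated = root.find(".//WARNING") is not None
    return policies, truncated
```

An asset group ID that maps to `None` is referenced by the policy but absent from the glossary, which is worth flagging when reconciling policy scope.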
The following table depicts the information about the different versions of this API along with the status:
| API Version | EOS | EOL |
|---|---|---|
| /api/4.0/fo/compliance/policy/?action=list | Active | Active |
| /api/3.0/fo/compliance/policy/?action=list | December 2025 | June 2026 |
| /api/2.0/fo/compliance/policy/?action=list | December 2025 | June 2026 |