Understanding Configuration Compliance

Use test results obtained from third-party Secure Configuration Assessment (SCA) integrations to verify compliance with security or corporate policies by identifying and remediating non-compliant configuration items.

What is Configuration Compliance

With Configuration Compliance you can do the following:

  • Automatically import policies, tests, authoritative sources, and technologies
  • Automatically correlate policies and tests to configuration items
  • Analyze test results
  • Remediate non-compliant configuration items

Who uses Configuration Compliance

Configuration Compliance activities can involve many levels of management:

  • System administrators
  • Vulnerability administrators
  • Vulnerability managers
  • Vulnerability analysts
  • Compliance administrators

Configuration Compliance tasks involve the following roles:

  • sn_vulc.admin: can read, write, and delete
  • sn_vulc.write: can read and write
  • sn_vulc.read: can read

Configuration Compliance and Security Operations

Enterprise security response

Configuration Compliance works with third-party SCA scanner applications and integrates with Governance, Risk, and Compliance (GRC) for continuous monitoring.

When the Qualys Vulnerability Integration is installed, access to Vulnerability Response becomes available. GRC is available as a separate subscription.