Contactez-nous Suivez-nous sur Twitter En francais English Language

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Qualys Enterprise TruRisk Platform Now Accelerates Federal Agency’s Zero-Trust Journey with Automated Compliance for OMB M-24-04 and CISA BOD 23-01

May 2024 by Marc Jacob

Qualys, Inc. announced it is expanding its focus on the government sector by enhancing and operationalizing the capabilities of the Qualys Enterprise TruRisk Platform. This expansion aims to accelerate support for federal zero-trust strategies through automated asset visibility and attack surface risk management as defined by OMB M-24-04, CISA BOD 23-01 and the broader FISMA guidelines.

As defined in EO 14028, federal agencies must show progress in their zero-trust implementation (OMB M-22-09). To further help operationalize zero trust, the OMB released FY24 FISMA Guidance (M-24-04) to focus on the visibility and security of the entire attack surface, specifically on monitoring and real-time reporting on vulnerabilities and threats.

While agencies recognize the value of zero trust, they need to take fundamental steps to progress. Insights from the Qualys Threat Research Unit show that better management of the external attack surfaces is needed as, on average, 31 percent of the assets are unknown to enterprises and agencies, while 45 percent of the assets do not have accurate criticality defined and fail to classify high-value assets (HVA).* This aligns with the OMB M-24-01 directive emphasizing the importance of understanding the attack surface. Further, Qualys analysis shows the mean time to remediate CISA catalog vulnerabilities is over 30 days, while attackers exploit vulnerabilities within an average of five days. This discrepancy underscores the need for agencies to continuously discover their known and unknown attack surfaces, perform effective risk assessments, and prioritize remediation efforts to comply with CISA BOD 23-01.

The Qualys Enterprise TruRisk Platform’s integrated solutions, CyberSecurity Asset Management, Vulnerability Management, Detection and Response (VMDR) and Patch Management, now seamlessly helps federal agencies fast-track the implementation of zero-trust strategies with continuous compliance and posture visibility into M24-04 and FISMA’s broader risk assessment and remediation requirements. With the Qualys platform, agencies get visibility and reporting for all their high-value assets, physically and virtually connected devices, including OT and IoT devices and their applications.

The Qualys Enterprise TruRisk Platform, with its unified view, allows agencies to:
• Clearly understand the assets and attack surface in compliance with OMB M-24-04: Qualys allows agencies to discover and inventory both the known and unknown internal and external attack surface of IT, IoT, cloud, and mobile assets across hybrid environments, along with software and applications, including open-source packages, while also identifying high-value assets.
• Address FISMA Patching Requirements per CISA BOD 23-01: In addition to discovering high-value assets, detecting, and assessing vulnerabilities and prioritizing risks according to the CISA catalog, Qualys allows patching from within the same integrated solution to minimize the risk of exploitation of federal assets.

• Showcase and fast-track measurable progress to zero-trust implementation: Qualys helps agencies identify and manage the entire attack surface along with integrated detection, prioritization, and remediation of vulnerability risks, allowing agencies to easily implement FISMA’s foundational guidance.

See previous articles


See next articles

Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55

All new podcasts