Qualys has announced a partnership with the Center for Internet Security (CIS) to provide its members with built-in visibility of their externally-facing websites, certificates, and SSL/TLS configurations. “Integrating Qualys CertView into our existing services enables members to receive timely alerts and grades for each of their individual external websites,” said Thomas Duffy, MS-ISAC Chair, and CIS Senior Vice President of Operations and Services. “By leveraging the scale of the Qualys Cloud Platform to accurately scan all of our members’ external certificates, we are able to help them remediate potential security or compliance issues early.”
CIS will integrate Qualys CertView into its Multi-State Information Sharing and Analysis Center (MS-ISAC). By adding this functionality, CIS will now be able to monitor and notify members of expiring, vulnerable or misconfigured certificates as part of their existing customized monthly reports, helping them to avoid service disruptions and brand damage.
“CIS has built a valuable service to help member organizations gain visibility of their overall security and compliance posture, and Qualys is proud to help its members gain inventory and assessment of externally facing digital certificates,” said Philippe Courtot, chairman and CEO, Qualys, Inc. “The addition of Qualys CertView to its member services helps them secure their growing digital and web offerings.”
CIS’ integration of Qualys CertView is one of many collaborations between the two organizations. Qualys research analysts currently contribute to CIS benchmarks for Amazon Web Services, Microsoft Azure and Google Cloud Platform; and they have also contributed to benchmarks for Oracle Linux, IBM AIX and Microsoft IIS. Qualys offers these CIS policies out-of-the-box in its enterprise Policy Compliance (PC) solutions and makes them available free to all organizations through its Community Edition.
CIS certifies all policies within Qualys PC for control logic and reporting, and Qualys PC boasts the highest number of CIS-certified policies of any compliance solution. CIS Benchmarks and CIS Controls are consensus-based guides curated by security practitioners and are focused on performance, not profit. CIS benchmarks help safeguard systems against today’s evolving cyber threats.