Vulnerability Management

Qualys VMDR

Name: Qualys VMDR
Rating: 2.2666666666666666 (18 reviews)
Author: Qualys

by Qualys

Covered

controls

Partial

controls

Gaps

controls

NIST 800-171 Coverage8%

Overview

Qualys VMDR by Qualys is a vulnerability management solution that covers 9 NIST 800-171 controls (8% total coverage). It addresses key requirements in the vulnerability management domain for defense contractors pursuing CMMC compliance.

Controls Covered (9)

ra-3-11-1 ra-3-11-2 ra-3-11-3 cm-3-4-1 cm-3-4-2 si-3-14-1 si-3-14-2 au-3-3-1 ca-3-12-1

Partially Covered (2)

sc-3-13-1 cm-3-4-6

Not Covered (3)

mp-3-8-1 ia-3-5-1 pe-3-10-1

Implementation Notes

Deploy Qualys VMDR with FIPS-validated configurations. Integrate with your SIEM for centralized audit logging. Review partial controls quarterly to identify supplementary tooling needs.

More Vulnerability Management Products

Tenable.io

Tenable — 9% coverage

Rapid7 InsightVM

Rapid7 — 7% coverage

CrowdStrike Spotlight

CrowdStrike — 7% coverage

Arctic Wolf

Arctic Wolf — 6% coverage

Frequently Asked Questions

How many NIST 800-171 controls does Qualys VMDR cover?

Qualys VMDR covers 9 of 110 NIST 800-171 controls (8%), with 2 partially covered and 3 gaps.

Can Qualys VMDR alone satisfy CMMC Level 2?

No single tool covers all 110 NIST 800-171 controls. Qualys VMDR covers 8% and should be part of a layered security stack addressing the remaining controls.

What controls does Qualys VMDR not cover?

Qualys VMDR does not cover controls mp-3-8-1, ia-3-5-1, pe-3-10-1. These require supplementary solutions such as physical security controls, additional access management, or media protection tools.

Map Your Full Security Stack

See NIST 800-171 control coverage for 80+ security products.

Open NIST Tool Mapper

← All NIST Tool Mappings

Vulnerability Management

Qualys VMDR

by Qualys

Covered

controls

Partial

controls

Gaps

controls

NIST 800-171 Coverage8%

Overview

Controls Covered (9)

ra-3-11-1 ra-3-11-2 ra-3-11-3 cm-3-4-1 cm-3-4-2 si-3-14-1 si-3-14-2 au-3-3-1 ca-3-12-1

Partially Covered (2)

sc-3-13-1 cm-3-4-6

Not Covered (3)

mp-3-8-1 ia-3-5-1 pe-3-10-1

Implementation Notes

Deploy Qualys VMDR with FIPS-validated configurations. Integrate with your SIEM for centralized audit logging. Review partial controls quarterly to identify supplementary tooling needs.

More Vulnerability Management Products

Tenable.io

Tenable — 9% coverage

Rapid7 InsightVM

Rapid7 — 7% coverage

CrowdStrike Spotlight

CrowdStrike — 7% coverage

Arctic Wolf

Arctic Wolf — 6% coverage

Frequently Asked Questions

How many NIST 800-171 controls does Qualys VMDR cover?

Qualys VMDR covers 9 of 110 NIST 800-171 controls (8%), with 2 partially covered and 3 gaps.

Can Qualys VMDR alone satisfy CMMC Level 2?

No single tool covers all 110 NIST 800-171 controls. Qualys VMDR covers 8% and should be part of a layered security stack addressing the remaining controls.

What controls does Qualys VMDR not cover?

Qualys VMDR does not cover controls mp-3-8-1, ia-3-5-1, pe-3-10-1. These require supplementary solutions such as physical security controls, additional access management, or media protection tools.

Map Your Full Security Stack

See NIST 800-171 control coverage for 80+ security products.

Open NIST Tool Mapper

← All NIST Tool Mappings