A new release of Qualys CloudView 1.21 includes an update to mandates and CloudView UI. This notification provides an early preview, allowing you to identify use cases that can leverage the release updates. The release is targeted for January 2022, the specific day will differ depending on the platform. See platform release dates on the Qualys Status page.
Updates to Mandate configurations
Qualys CloudView application is extending mandate coverage by introducing new mandates and upgrading versions of the existing ones. These changes are available in CloudView 1.21 release.
Updated mandates with new versions
|Sr No||Mandate Name||Current Version||Version Post 1.21 release|
|1||The Australian Signals Directorate – The Essential 8 Strategies (ASD 8)||February 2017||June 2020|
Updated mandates to fix sorted order (no other change in mapping)
|Sr No||Mandate Name||Version|
|1||Federal Risk and Authorization Management Program (FedRAMP H) – High Security Baseline||Rev. 4|
|2||Federal Risk and Authorization Management Program (FedRAMP M) – Moderate Security Baseline||Rev. 4|
Updates to CloudView UI
There are two major updates to CloudView UI
- Infrastructure as Code (IaC) security posture
- CloudView Application Home
Infrastructure as Code (IaC) security posture
As a part of the introduction of Infrastructure as Code security (beta) earlier, we had introduced a new category “Execution Type” for policies and controls with values as follows:
- Run Time – category for listing controls and policies for evaluations on deployed cloud resources
- Build Time – category for listing controls and policies for evaluations on IaC templates
This was supported with search tokens on the Policy tab using the following search tokens:
- policy.executionType: search policies by the execution type (Build Time, Run Time).
- control.executionType: search controls by the execution type (Build Time, Run Time).
In CloudView release 1.21, you will see the introduction of IaC Security posture in the Monitor, Policy, and Reports tabs.
- Monitor Tab: Introduction of new tabs, Cloud Posture (for current Monitor UI display – runtime posture) and IaC Posture (display of IaC template evaluations – buildtime posture).
- Policy Tab: The IaC Posture lists the evaluations on IaC templates for the scans those were triggered from Git Repository such as GitHub Actions, Bitbucket pipeline, GitLab pipeline, Azure pipeline.
- Reports Tab: Reports (PDF and CSV) screen will now have an option to select execution type and based on the selection either “Run time” or “Build time”, you can generate assessment reports.
CloudView Application Home
Qualys CloudView introduces an application home page. On navigation to CloudView application, you will now land on the home page and get the ability to see a summarized view of your cloud resources and posture with out-of-the-box widgets, the single-pane to see all available features and new introductions to the application.
Refer CloudView API Notification and Release notes for more information.