Controls are the building blocks of the policies used to measure and report compliance for a set of hosts. We provide many controls for you to choose from and you can customize them too. Controls play the key part in the compliance posture of resource.
System-defined Control is a predefined control provided by Qualys. Few system-defined controls are customizable while few are not. The control indicator icon tells us if the control is customizable or not. Show me
- control cannot be customized.
- control can be customized
to suit your need.
You can copy any system-defined
control to make your own user-defined controls that you can customize
to meet your needs.
You can modify the criticality of any control to suit your need. If the control criticality needs to be changed to match your environment, you can select the control, select Change Criticality from quick action menu. Show me
Select the criticality you want to assign to the control and click Change Criticality. Show me
Note: When you change criticality, the revised control criticality for existing evaluations is effective on Monitor View upon next connector run.
Let us consider a scenario where a control with HIGH criticality evaluated three resources. Now, if you change the criticality of the control to LOW, the change in evaluation results reflects only after connector run. During the connector run, assume that only two resources get detected. The control evaluation results for resources that get detected post connector run will reflect (LOW criticality). However, control evaluation result for the resource that did not get detected post connector run will be counted as HIGH criticality.
Go to Policy > Controls and select the control to be customized,
select Copy Control from the quick action menu. The
icon indicates that the control is customizable. 12 AWS and 2 Azure controls
for customization. Show
me
You can then modify the parameters of the control as per your requirement and save the customized control. The customized control is available to associate with policy and evaluate the resources.
For example, let us modify the minimum password length to 10 for AWS CID 11.
(1) Select the control and click Copy Control from quick action menu.
(2) Change the name of control and criticality if needed. Click Next
(3) Set the expected value in Evaluation Parameter to 10. Change other aspects such as Evaluation Description, Evaluation Message as per your need. Click Next.
(4) Update the Additional Details if needed. Click Create.
That's it! Your new custom control is ready to use.
Yes. Choose the user-defined control to be edited and choose Edit from the quick action menu. You can edit only user-defined controls. You cannot edit system-defined control.
Yes. Choose the user-defined control to be deleted and choose Edit from the quick action menu. You can delete only user-defined controls. You cannot delete system-defined control.