(from the official University Information Security Office (UISO) page on Qualys scanning)

Authorized system administrators, network engineers and security analysts may scan individual critical devices or entire network segments within their administration. Because UA has a limited number of licenses, computers entered in the Critical Device Registry are given priority for vulnerability scanning.

Network discovery and mapping may be performed without limitation on entire network segments within a Network Manager's administration.

To register for an account, a UA employee must:

• Read the tutorial in the Quickstart guide
• Be registered in the Network Manager database for all IP addresses to be scanned for vulnerabilities or IP address ranges to be mapped

To request an account, qualified persons should contact the Information Security Office (InfoSec) [at iso@u.arizona.edu] with the following information:

• Requestor's name
• Unit's name
• Name of the dean, director or department head who is ultimately responsible for the data stored in the computers to be scanned (who is known for this purpose as the "Executive Business Unit Manager")
• For network discovery and mapping, the unit's IP address range
• For vulnerability scanning, the IP addresses of devices to be scanned
  • All devices must have been registered in the Critical Device Registry (http://security.arizona.edu/cdi) prior to scanning for vulnerabilities

InfoSec will contact the requestor with additional information and instructions.