Policy Compliance Library Updates, February 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The February release includes 4 CIS Benchmark policies, 2 DISA STIG policy, 1 new mandate-based policy, 2 Industry and Best Practice policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policy

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policy:

  • CIS Benchmark policy for Debian Family Linux, 1.0.0
  • CIS Benchmark policy for Red Hat Enterprise Linux 7 STIG v1.0.0
  • CIS Benchmark policy for Apache Tomcat 9 v1.1.0
  • CIS Benchmark policy for Microsoft Windows 10 Enterprise Release 20H2 v1.10.0

New Mandate-based Policy

  • National Cyber Security Centre Cyber Essentials for Linux

New Vendor Policy

  • Microsoft Security Baseline for Windows 10 Release 20H2

New Policies for NIST 800-53 Rev 5

  • NIST 800-53 Rev 5 for Database
  • NIST 800-53 Rev 5 for Linux
  • NIST 800-53 Rev 5 for Windows
  • NIST 800-53 Rev 5 for Network Devices

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 6.5 ESXi Ver 2 Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SharePoint 2013 – V2R1

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for FreeBSD 11.x/12.x
  • Qualys Security Configuration and Compliance Policy for Panorama 8.x, 9.x and 10.x

Updated Library Policies

  • Policy update to include SCSEM guideline version:
    • Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7.x
  • Policy re-release to correct the control configurations:
    • CIS Benchmark for Red Hat Enterprise Linux 7, v3.0.0
    • CIS Benchmark for CentOS Linux 7, v3.0.0
    • CIS Benchmark for Red Hat Enterprise Linux 8, v1.0.
    • CIS Benchmark for Oracle Linux 8, v1.0.0
  • Policy re-release to correct the technology ID:
    • CIS Benchmark for Amazon Linux 2017, v2.1.0
  • Policy re-release to updated NL values for CIDs 3947 and 5168:
    • CIS Benchmark for IBM AIX 6.1, v1.1.0
    • CIS Benchmark for IBM AIX 7.1, v1.1.0
  • Policy re-release to correct potential false-positive for control 4375:
    • CIS Benchmark policy for Cisco IOS 15, V4.0.0
    • CIS Benchmark policy for Cisco IOS 16, v1.1.0
    • Qualys Security Configuration and Compliance Policy for Cisco IOS XE 17.x
    • DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE Router RTR, V1R4
  • Policy re-release to fix CID 12786 and 2741 for CIS SLES 15 policy:
    • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.0.0
  • Policy re-release to replace CID 9404 with CID 10602, add new CID 4143, and fix the control configurations of CID 2392 and 3923:
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0
  • Policy re-release to replace CID 9404 with CID 13512:
    • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
    • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • BPP for OS Controls on SAP HANA on SuSE 12
  • CIS Benchmark policy for Juniper OS, 2.1.0
  • CIS Benchmark policy for Microsoft Intune for Windows 10 Release 2004 v1.0.0
  • DISA Security Technical Implementation Guide (STIG) policy for RHEL 6.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for RHEL 7.x Version 3 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Oracle Linux 6.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Oracle Linux 7.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Ubuntu 16.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Suse 12.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Ubuntu 18.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for AIX 7 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Windows 10 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Windows 2012 R2 & non-R2 MS Version 3 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Windows 2012 R2 & non-R2 DC Version 3 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Windows 2016 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Windows 2019 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft SQL Server 2016 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Google Chrome Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Mozilla Firefox Version 5 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft Outlook 2016 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) policy for RHEL 8 STIG – Ver 1, Rel 1
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft Access 2013 – Ver 1, Rel 6
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft Excel 2013 STIG – Ver 1, Rel 7
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft Office System 2013 STIG – Ver 2, Rel 1
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft Outlook 2013 STIG – Ver 1, Rel 13
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft PowerPoint 2013 STIG – Ver 1, Rel 6
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft Word 2013 STIG – Ver 1, Rel 6
  • Mandate-based policy for NCS (National Cryptographic Standards)
  • Qualys Security and Configuration policy for Apache Hadoop
  • Qualys Security Configuration and Compliance policy for Data Domain OS 6.x
  • Qualys Security and Configuration policy for MemSQL
  • Qualys Security and Configuration policy for Redis on Linux
  • Qualys Security and Configuration policy for SAP IQ 16

Policy Updates:

  • CIS benchmark policy for Ubuntu18.04 LXD Host
  • CIS benchmark policy for Ubuntu18.04 LXD Container
  • CIS Benchmark policy for Microsoft Windows 2019 (Release 1809), v1.1.0

If you have any questions, please contact your TAM or Technical Support. See all library updates.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *