Policy Compliance Library Updates, October 2025
Qualys’ library of built-in policies makes it easy to comply with the widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below is the number of policies and mandates deployed in October 2025:
| CIS Benchmark Policies | 12 |
| DISA STIG Policy | 4 |
| Industry Best Practices Policy | 29 |
| New Supported Mandates | 0 |
| Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | CIS Microsoft Windows Server 2019 STIG Benchmark, v4.0.0; CIS IBM i V7R4M0 Benchmark, v2.1.0; CIS IBM i V7R5M0 Benchmark, v2.1.0; CIS Microsoft Intune for Windows 10 Benchmark, v4.0.0; CIS Google Kubernetes Engine (GKE) Benchmark, v1.8.0; CIS Cisco NX OS Switch RTR STIG Benchmark, v1.0.0; CIS Apple macOS 14.0 Sonoma Cloud-tailored Benchmark, v1.1.0; CIS Apple macOS 13.0 Sonoma Cloud-tailored Benchmark, v1.1.0; CIS Cisco NX OS Switch L2S STIG Benchmark, v1.0.0; CIS Oracle Database 23ai Benchmark, v1.1.0; CIS Cisco NX OS Switch NDM STIG Benchmark, v1.0.0; CIS MongoDB 7 Benchmark, 1.2.0 |
| DISA STIG Policies | DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 – Ver 3, Rel 2; DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R5; DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R4; DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R5; DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V3R3; DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V2R5; DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Mailbox Server, V2R3; DISA STIG for Cisco IOS Switch NDM, V3R5; DISA STIG for Cisco IOS Router NDM, V3R5; DISA STIG for Cisco IOS XE Switch L2S, V3R2; DISA STIG for Cisco IOS XE Switch L2S, V3R2; DISA STIG for Cisco IOS XR Router NDM, V3R4; DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R4; DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022, V2R5; DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019, V3R5; DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V3R3; DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R5; DISA Security Technical Implementation Guide (STIG) for Ubuntu 20.04 LTS STIG V2R3; DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V3R3; DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c, V1R2; DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V3R5; DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V2R3; DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R11; DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL 16.x, V1R1; DISA Cisco NX-OS Switch NDM, V3R4; DISA Security Technical Implementation Guide (STIG) for Ubuntu 24.04 LTS, V1R2; DISA STIG for Cisco IOS XE Switch RTR, V3R2; DISA STIG for Cisco IOS XE Switch NDM, V3R4; DISA Security Technical Implementation Guide (STIG) for Microsoft DotNet Framework 4.0, V2R7 |
| Industry and Best Practices Policies | Security Configuration & Compliance Policy for Alma Linux 10.x; Security Configuration and Compliance Policy for JBoss EAP 8.x; Security Configuration and Compliance Policy for Nutanix AOS (Prism Element); Safeguard Computer Security Evaluation Matrix for VMWare ESX 8.x |
| New Supported Mandates | NA |
| Deprecated mandates | NA |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| National Cyber Security Centre Cyber Essentials for Microsoft Windows | Re-release for National Cyber Security Centre Cyber Essentials for Microsoft Windows, to add Windows 11 and Windows technology. |
| DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Traditional V9.x, V1R1 | Re-release for DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Traditional V9.x, V1R1, to add the 31065 control. |
| CIS Benchmark for Microsoft Windows Server 2022, v4.0.0 | Re-release for CIS Benchmark for Microsoft Windows Server 2022, v4.0.0, to remove the 13925 control. |
| CIS Benchmark for Apache Tomcat 9, v1.2.0 | Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0, to update the regular expressions for CID 9553. |
| CIS Benchmark for Apache Tomcat 10, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 10, v1.1.0, to update the regular expressions for CID 9553. |
| CIS Benchmark for Apache Tomcat 10.1, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 10.1, v1.1.0, to update the regular expressions for CID 9553. |
| CIS Benchmark for Apache Tomcat 11, v1.0.0 | Re-release for CIS Benchmark for Apache Tomcat 11, v1.0.0, to update the regular expressions for CID 9553. |
| CIS Benchmark for Ubuntu Linux 16.04 LTS, v2.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 16.04 LTS, v2.0.0, to update the cardinality for CID 11325 and CID 14159. |
| CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.2.0 | Re-release for CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.2.0, to update the cardinality for CID 11325 and CID 14159. |
| CIS Benchmark for Ubuntu Linux 20.04 LTS, v3.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 20.04 LTS, v3.0.0, to update the cardinality for CID 11325 and CID 14159. |
| CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0, to update the cardinality for CID 11325 and CID 14159. |
| CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0, to update the cardinality for CID 11325 and CID 14159. |
| CIS Benchmark for Cisco NX-OS 4.x, 5.x, 6.x, & 7.x, V1.1.0 | Re-release for CIS Benchmark for Cisco NX-OS 4.x, 5.x, 6.x, & 7.x, V1.1.0, to update the NL values of controls 19222, 15002, and 21241. |
| CIS Benchmark for Cisco NX-OS 9.x, V1.1.0 | Re-release for CIS Benchmark for Cisco NX-OS 9.x, V1.1.0, to update the NL values of controls 19222, 15002, and 21241. |
| CIS Benchmark for Cisco NX-OS 8.x, V1.1.0 | Re-release for CIS Benchmark for Cisco NX-OS 8.x, V1.1.0, to update the NL values of controls 19222, 15002, and 21241. |
| CIS Benchmark for Cisco NX-OS 10.x, V1.1.0 | Re-release for CIS Benchmark for Cisco NX-OS 10.x, V1.1.0, to update the NL values of controls 19222, 15002, and 21241. |
| CIS Benchmark for Cisco NX-OS, V1.2.0 | Re-release for CIS Benchmark for Cisco NX-OS, V1.2.0, to update the NL values of controls 19222, 15002, and 21241. |
| Safeguard Computer Security Evaluation Matrix for Cisco NX-OS, v6.2 | Re-release for Safeguard Computer Security Evaluation Matrix for Cisco NX-OS, v6.2, to update the NL values of controls 19222, 15002, and 21241. |
| Transportation Security Administration (TSA) for Network Device | Re-release for Transportation Security Administration (TSA) for Network Device, to update the NL values of controls 19222, 15002, and 21241. |
| Network and Information Systems (NIS 2 Directive) (EU) for Network Devices | Re-release for Network and Information Systems (NIS 2 Directive) (EU) for Network Devices, to update the NL values of controls 19222, 15002, and 21241. |
| 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Policy (SOC2) for Network Devices | Re-release for 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Policy (SOC2) for Network Devices, to change the controls 19222, 15002 and 21241. |
| US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Network Devices | Re-release for US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Network Devices, to change the controls 19222, 15002, and 21241. |
| CIS Benchmark for Oracle MySQL Community Server 8.4, v1.0.0 | Re-release for CIS Benchmark for Oracle MySQL Community Server 8.4, v1.0.0, to update the regular expression for the CID 21737. |
| CIS Benchmark for Oracle Solaris 11.4, v1.1.0 | Re-release for CIS Benchmark for Oracle Solaris 11.4, v1.1.0, to update the regular expressions of CID 5385, 5388. |
| DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9 | Re-release for DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9, to add Rule ID and update regex for 18729 control. |
| CIS Benchmark for Apache HTTP Server 2.4, v2.2.0 | Re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.2.0 to add multiple technologies. |
| CIS Benchmark for Palo Alto Firewall 11, v1.1.0 | Re-release for CIS Benchmark for Palo Alto Firewall 11, v1.1.0, to update the regular expression for the CID 12140. |
| CIS Benchmark for MacOS 15 v1.1.0 | Re-release for CIS Benchmark for MacOS 15 v1.1.0, to update the regular expression for the CID 29666. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R4 | Re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R4, to add the 30450 control. |
| CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0, to update the regular expression for the CID 23747. |
| CIS Benchmark for Red Hat Enterprise Linux 9 v2.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 9 v2.0.0, to remove the CID 27274. |
| CIS Benchmark for Ubuntu Linux 22 v2.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 22 v2.0.0, to add the CID 27929, 27925, 27927. |
| CIS Benchmark for Microsoft Windows Server 2025, v1.0.0 | Re-release for CIS Benchmark for Microsoft Windows Server 2025, v1.0.0, to replace 21376 with 8279. |
| CIS Benchmark for RHEL 9, v2.0.0 | Re-release for CIS Benchmark for RHEL 9, v2.0.0, to replace 10859, 17971, 17972, 17973 with 29536. |
| CIS Benchmark for Cisco ASA 9.x, v1.1.0 | Re-release for CIS Benchmark for Cisco ASA 9.x, v1.1.0, to update the regular expression for the CID 12547. |
| CIS Benchmark for Oracle Linux 8, v3.0.0 | Re-release for CIS Benchmark for Oracle Linux 8, v3.0.0, to update the regular expression for the CID 28408, 28409. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0, to update the regular expression for the CID 28408, 28409. |
| CIS Benchmark for PostgreSQL 12, v1.1.0 | Re-release for CIS Benchmark for PostgreSQL 12, v1.1.0, to add multiple controls. |
Deprecated Policies
- DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide, V3R1
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R3
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R4
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R3
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R14
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 Mailbox Server, V2R2
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V3R3
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V2R2
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V3R3
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V3R2
- CIS Benchmark for IBM i V7R5M0, v2.0.0
- CIS Benchmark for IBM i V7R4M0, v2.0.0
- CIS Benchmark for Microsoft Windows Server 2019 STIG, v3.0.0
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- DISA STIG for Arista MLS EOS 4.2x L2S, V2R3
- DISA STIG for Arista MLS EOS 4.2x NDM, V2R2
- DISA STIG for Arista MLS EOS 4.2x Router, V2R2
- DISA Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG, V2R6
- DISA STIG for Palo Alto Networks NDM, V3R3
- CIS Benchmark for Microsoft Windows 11 Enterprise, v4.0.0, Spanish
- DISA STIG Mozilla Firefox STIG – Ver 6, Rel 6
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, Ver 2 Rel 6
- DISA Security Technical Implementation Guide (STIG) for IIS 10.0 Server, V3R4
- DISA Security Technical Implementation Guide (STIG) for IIS 10.0 Site, V2R12
- DISA Security Technical Implementation Guide (STIG) for Kubernetes – Ver 2, Rel 4
- CIS VMware ESXi 7.0 Benchmark v1.5.0
- CIS Apple MacOS 15.0 Sequoia Intune Benchmark, v1.0.0
- CIS Apple MacOS 14.0 Sonoma Intune Benchmark, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Active Directory Forest, V3R2
- CIS IBM AIX 7 Benchmark, v1.1.0
- CIS Docker Benchmark, v1.8.0
- CIS Red Hat Enterprise Linux 10 Benchmark, v1.0.1
- CIS MongoDB 8 Benchmark v1.0.0
- CIS Apache Server 2.4 Windows Server Security Technical Implementation Guide STIG Benchmark, 1.0.0
- CIS Apache HTTP Server 2.4 Benchmark, v2.3.0
- CIS Microsoft Windows Server 2016 Benchmark, v4.0.0
- DISA STIG Microsoft Defender Antivirus STIG – Ver 2, Rel 6
- DISA STIG for F5 Big-IP Local Traffic Manager, V2R4
- DISA STIG for F5 Big-IP Device Management, V2R4
- DISA STIG for F5 Big-IP AFM, V2R2
- DISA STIG for Microsoft Office 365 ProPlus, V3R3
- DISA STIG for Juniper Router NDM, V3R2
What’s Next
Discover how Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.