Policy Audit Library Updates, November 2025 

Vaishali Kulkarni

Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.

Qualys’ Certification Page on the CIS website has also been updated.  

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

The number of policies and mandates deployed in November 2025 is listed below:

  • CIS Benchmark Policies: 16
  • DISA STIG Policy: 29
  • Industry Best Practices Policy: 1
  • New Supported Mandates: 0
  • Deprecated Mandates: 0

Listed below are the newly published policies and mandates:  

CIS Benchmark Policies:

CIS Benchmark for Google Kubernetes Engine (GKE), v1.8.0

CIS Benchmark for Apple macOS 14.0 Sonoma Cloud-tailored Benchmark v1.1.0

CIS Benchmark for Apple macOS 13.0 Ventura cloud-tailored Benchmark v1.1.0 

CIS Benchmark for Red Hat Enterprise Linux 10, v1.0.1

CIS Benchmark for MongoDB 8, v1.0.0

CIS Benchmark for Microsoft Windows Server 2016, v4.0.0

CIS Benchmark for Apple macOS 26, v1.0.0

CIS Benchmark for VMware ESXi 7.0 Benchmark v1.5.0

CIS Benchmark for Apple macOS 15.0 Sequoia Intune Benchmark, v1.0.0

CIS Benchmark for Apple macOS 14.0 Sonoma Intune Benchmark, v1.0.0

CIS Benchmark for IBM AIX 7 Benchmark, v1.1.0

CIS Benchmark for Docker Benchmark, v1.8.0

CIS Benchmark for Apple macOS 12.0 Sonoma Cloud-tailored Benchmark, v1.1.0

CIS Benchmark for Apache HTTP Server 2.4 Benchmark, v2.3.0

CIS Benchmark for Oracle MySQL Enterprise Edition 8.0 Benchmark, 1.5.0

CIS Benchmark for Oracle MySQL Community Server 8.0 Benchmark, 1.2.0

DISA STIG Policies:

DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V3R3

DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Local Traffic Manager, V2R4

DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Device Management, V2R4

DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V3R3

DISA Security Technical Implementation Guide (STIG) for F5 Big-IP AFM, V2R2

DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R4

DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R3

DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R5

DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S, V2R3

DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x NDM, V2R2

DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x Router, V2R2

DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V3R2

DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V3R3

DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R6

DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R7

DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R7

DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R7

DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R7

DISA Security Technical Implementation Guide (STIG) for IIS 10.0 Server, V3R4

DISA Security Technical Implementation Guide (STIG) for IIS 10.0 Site, V2R12

DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2022 Database, V1R1

DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2022 Instance, V1R1

DISA Security Technical Implementation Guide (STIG) for Microsoft Defender Antivirus STIG, Ver 2, Rel 6

DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V3R3

DISA Security Technical Implementation Guide (STIG) for Ivanti Connect Secure NDM, V2R2

DISA Security Technical Implementation Guide (STIG) for Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG, V2R6

DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V3R1

DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for Windows, V2R2

DISA Security Technical Implementation Guide (STIG) for Infoblox 8.x DNS, V1R2

Industry and Best Practices Policies:

Safeguard Computer Security Evaluation Matrix for VMware ESXi 8.0, v5.0

New Supported Mandates: NA

Deprecated Mandates: NA

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Policy, followed by its update:

  • Security Configuration and Compliance Policy for Splunk on Linux: Re-release for Security Configuration and Compliance Policy for Splunk on Linux to add the ‘Splunk 9.x’ technology.
  • CIS Benchmark for Apple macOS 15 Sequoia, v1.1.0: Re-release for CIS Benchmark for Apple macOS 15 Sequoia, v1.1.0, to update the regular expressions due to an update in Signature on CID 29666.
  • CIS Benchmark for Palo Alto Firewall 10, v1.2.0: Re-release for CIS Benchmark for Palo Alto Firewall 10, v1.2.0, to update the regular expression for the CIDs 13911 and 13912.
  • CIS Benchmark for Apache Tomcat 9, v1.2.0: Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0, to add the CID 31244.
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9: Re-release for DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9, to remove the Rule ID and update the regular expression for control 18729.
  • Security Configuration and Compliance Policy for IBM HTTP Server: Re-release for Security Configuration and Compliance Policy for IBM HTTP Server, to add IBM HTTP Server 8.x and 7.x technologies.
  • CIS Benchmark for Apache HTTP Server 2.4, v2.2.0: Re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.2.0, to update the regular expression of CIDs 7595 and 10881.
  • CIS Benchmark for Amazon Linux 2, v3.0.0: Re-release for CIS Benchmark for Amazon Linux 2, v3.0.0, to review and update multiple controls.
  • CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0: Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0, to review and update multiple controls.
  • DISA Security Technical Implementation Guide (STIG) for Citrix XenDesktop 7.x: Re-release for DISA Security Technical Implementation Guide (STIG) for Citrix XenDesktop 7.x, to update all versions.
  • Security Configuration and Compliance Policy for Amazon RDS – Oracle Database v.1.0: Re-release for Security Configuration and Compliance Policy for Amazon RDS – Oracle Database v.1.0.
  • Security Configuration and Compliance Policy for Amazon RDS – PostgreSQL Database v.2.0: Re-release for Security Configuration and Compliance Policy for Amazon RDS – PostgreSQL Database v.2.0.
  • Security Configuration and Compliance Policy for Amazon RDS – MySQL Database v. 1.0: Re-release for Security Configuration and Compliance Policy for Amazon RDS – MySQL Database v. 1.0.
  • CIS Benchmark for Apache Tomcat 10.1, v1.1.0: Re-release for CIS Benchmark for Apache Tomcat 10.1, v1.1.0, to update the regular expression for the CID 9615.
  • NIST 800-53 Rev 4 for Microsoft Windows: Re-release for NIST 800-53 Rev 4 for Microsoft Windows, to update the regex for the CID 8530.
  • NIST 800-53 Rev 5 for Microsoft Windows: Re-release for NIST 800-53 Rev 5 for Microsoft Windows, to update the regex for the CID 8530.
  • CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0, to update the regular expression for the CID 10666.
  • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0, to combine the Audit Procedures CIDs 10859, 17972, 17971, and 19793 with CID-29536.
  • CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0, to combine the Audit Procedures CIDs 10859, 17972, 17971, and 19793 with CID-29536.
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R5: Re-release for DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R5, to add control 31234.

Deprecated Policies

  • CIS Benchmark for Google Kubernetes Engine (GKE), v1.7.0
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V3R2
  • CIS Benchmark for Microsoft Windows Server 2016, v3.0.0
  • DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Local Traffic Manager, V2R3
  • DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Device Management, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V3R2
  • DISA Security Technical Implementation Guide (STIG) for F5 Big-IP AFM, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x NDM, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x Router, V2R1
  • Security Configuration and Compliance Policy for MacOS 26.x
  • Qualys Security Configuration and Compliance Policy for Red Hat Enterprise Linux 10.x
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R5
  • CIS Benchmark for Microsoft SQL Server 2022, v1.0.0.

Proposed Upcoming Policies

  We plan to release the following policies and updates next month: 

  • DISA Security Technical Implementation Guide (STIG) for IBM zOS RACF V9R4
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, Ver 2, Rel 6
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes, Ver 2, Rel 4
  • CIS Kubernetes Benchmark, v1.12
  • DISA STIG for VMware vSphere 7.0 Virtual Machine, V1R4
  • DISA STIG for VMware vSphere vCenter Server 8, V2R3
  • DISA STIG for VMware vSphere ESXi 7.0, V1R4
  • DISA STIG for VMware vSphere ESXi 8.0, V2R3
  • CIS Apple macOS 13.0 Ventura v4.0.0
  • CIS Apple macOS 14.0 Sonoma v3.0.0
  • CIS Apple macOS 15 Sequoia v2.0.0
  • CIS Microsoft Edge v4.0.0
  • CIS Benchmark for Microsoft Windows 11 Enterprise, v4.0.0 [Automated and Manual, All Profiles] – Spanish
  • CIS Azure Kubernetes Service (AKS) Benchmark, v1.8.0
  • CIS Amazon Elastic Kubernetes Service (EKS) Benchmark, v1.8.0
  • CIS Palo Alto Firewall 10 Benchmark, v1.3.0
  • CIS Benchmark for Palo Alto Firewall 11, v1.2.0
  • Security baseline Windows 11, version 25H2

What’s More 

Discover how the Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.

Additional Information 

  • Find all policy library updates here
  • Check out Qualys’ updated Certification Page at CIS here.

Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions. 
