Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.
In Q4 2016, Qualys added new policies for CIS as well as Qualys Recommended policies, and provided updated versions for minor changes to a number of CIS policies.
New CIS Benchmarks
CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.
Qualys’ Certification Page at CIS has been updated: https://benchmarks.cisecurity.org/membership/certified/qualys
Recent additions to the policy library include the following certified CIS Benchmarks:
- CIS Benchmark for Apache Tomcat 7 v.1.1.0
- CIS Benchmark for Debian Linux 7, v1.0.0
- CIS Benchmark for Debian Linux 8, v1.0.0
- CIS Benchmark for Ubuntu 12.04 LTS Server, v1.1.0
- CIS Benchmark for Ubuntu 14.04 LTS Server, v1.0.0
New Qualys Recommended, Vendor Recommended, or Mandate-Based Policies
- ISO/IEC 27001:2013 for Windows
- Security and Compliance Policy for Checkpoint Firewall
- Security and Compliance Policy for Cisco IOS XE
- Security and Compliance Policy for IBM WebSphere Application Server Version 7.x
- Security and compliance policy for IBM WebSphere Application Server Version 8.x
- Security and Compliance policy for Oracle WebLogic Server 11g and 12c
- Security and Compliance Policy for Sybase ASE 15.0
Updated Library Policies
- CIS Benchmark for Microsoft Windows Server 2012 R2, v2.2.0
- CIS Benchmark for Microsoft Windows 7, v2.1.0
- CIS Benchmark for Microsoft Windows 8, v1.0.0
- CIS Benchmark for Microsoft Windows 8.1, v2.1.0
- CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
- CIS Benchmark for Oracle Solaris 11, v1.1.0
- Microsoft Security Compliance Manager (SCM) Baseline for Windows 8
- Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2
- Microsoft Security Compliance Manager (SCM) Baseline for Windows 10 version 1511
- Health Insurance Portability and Accountability (HIPAA) – Security Rule Standards and Implementation Specifications)
- NIST Cyber Security Framework (CSF) v1.0
- PCI-DSS (Payment Card Industry Data Security Standard) v3.2
If you have any questions, please contact your TAM or Technical Support.