Policy Compliance Library Updates, March 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The January release includes the following new policy and updates:

• New CIS Benchmark for Ubuntu and PostgreSQL
• Updates to almost 60 existing library policies

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

• CIS Benchmark for Ubuntu Linux 18.04 LTS v1.0.0
• CIS Benchmark for PostgreSQL 9.6 v1.0.0

Updated Library Policies

• Policy update for Unified Auditing Controls:
  • CIS Benchmark for Oracle Database 12c on Linux, V2.1.0
• Policy update for code change in CIDs 1153, 13343, 8274, 8231, 10431, 9809, 9810, 9811, and 2581:
  • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
  • Australia Information Security Manual (Information Technology Security) for Windows
  • CIS Benchmark for Windows XP, v2.0.1
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
  • CIS Benchmark for Microsoft Windows Server 2003, v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
  • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
  • CIS Benchmark for Microsoft Windows 8, v1.0.0
  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
  • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R12
  • DISA Security Technical Implementation Guide (STIG) for Windows 7, V1R29
  • DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R20
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) DC, V6R39
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) MS, V6R39
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R25
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R25
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) DC, V2R11
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R11
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 DC, V2R11
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R11
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R3
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 10 version 1511
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
  • NERC CIPv5 for Windows
  • NIST 800-53 Rev 4 for Microsoft Windows
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 7
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 10
  • Security Configuration and Compliance Policy for Microsoft Windows 10 (Version 1803)
• Policy update for code change in CID 4406
  • Security Configuration and Compliance Policy for Cisco IOS 12.x, v1.0
  • CIS Benchmark for Cisco IOS 15, V4.0.0 [Scored and Not Scored, Level 1
  • CIS Benchmark for Cisco IOS 15, V4.0.0 [Scored and Not Scored, Level 1 and Level 2
  • Security Configuration and Compliance Policy for Cisco IOS XE
  • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
• Policy update to support IE-specific technology controls for Windows:
  • CIS Benchmark for Microsoft Internet Explorer 10, v1.1.0
  • CIS Benchmark for Microsoft Internet Explorer 11, v1.0.0
• Policy update to support Splunk-specific technology controls for Linux:
  • Qualys Security Configuration and Compliance Policy for Splunk on Linux
• Policy update for changes in controls configuration:
  • NIST 800-53 Rev 4 for Linux
• Policy refresh for the following library policy:
  • CIS Benchmark for Microsoft Windows 2016, v1.1.0
• Policy update for replace CID 11566 with 4114 and 11567 with 4113:
  • NIST 800-53 Rev 4 for Microsoft Windows
• Policy update for replace CID 10513 with 9431:
  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
• Policy update for replace CID 3781 with 8365:
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Member Server]

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

• CIS Benchmark for Amazon Linux 2 Benchmark v1.0.0
• DISA STIG Policy for Google Chrome V1R15
• DISA STIG policy for VMware vSphere 6.0 ESXi STIG V1R5
• Qualys Security Configuration and Compliance policy for Windows 2019
• Qualys Security Configuration and Compliance policy for Oracle 18c

Updates:

• DISA STIG Policy for IE 11 V1R16
• DISA STIG Policy for Windows 2008 (non-R2) V6R41, Member Server
• DISA STIG Policy for Windows 2008 (non-R2) V6R42, Domain Controller
• DISA STIG Policy for Windows 2008 R2 V1R28, Member Server
• DISA STIG Policy for Windows 2008 R2 V1R29, Domain Controller
• DISA STIG Policy for Windows 2012 (non-R2) V2R14, Member Server
• DISA STIG Policy for Windows 2012 (non-R2) V2R15, Domain Controller
• DISA STIG Policy for Windows 2012 R2 V2R14, Member Server
• DISA STIG Policy for Windows Server 2012 R2 V2R15, Domain Controller
• DISA STIG Policy for Windows 2016 V1R7, Domain Controller
• DISA STIG Policy for Windows 2016 V1R7, Member Server
• DISA STIG Policy for Windows 10 V1R16
• DISA STIG Policy for RHEL 6 V1R21
• DISA STIG Policy for RHEL 7 V2R2

If you have any questions, please contact your TAM or Technical Support.  See all library updates.