Policy Compliance Library Updates, April & May 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The April 2019 release includes the following new policy and updates:

2 new Industry and Best Practice policies
1 new policy for CIS Benchmarks
5 new DISA STIG policies

The May 2019 release includes the following new policy and updates:

2 new Industry and Best Practice policies
Over 40 updated policies

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and also by contributing to the development of new benchmarks through the CIS Community.

The April release contains the following new CIS Benchmark policy:

CIS Benchmark for PostgreSQL 10 v1.0.0

New Industry and Best Practice Policies

Qualys Security Configuration and Compliance Policy for Oracle Enterprise Linux
Qualys Security Configuration and Compliance Policy for Apache Tomcat 9
Qualys Security Configuration and Compliance Policy for SuSE Linux Enterprise Server (SLES) 15
Qualys Security Configuration and Compliance Policy for OpenSUSE 15

New DISA STIG Policies

DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks NDM V1R3
DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks ALG V1R3
DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks IDPS V1R1
DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE Release 3 NDM V1R5
DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE Release 3 RTR V1R3

Updated Library Policies (April package)

Policy update for control configuration changes:

CIS Benchmark for Ubuntu Linux 18.04 LTS, v1.0.0
CIS Benchmark for Ubuntu Linux 16.04 LTS, v1.1.0
CIS Benchmark for Red Hat Enterprise Linux 7, v2.2.0
CIS Benchmark for Red Hat Enterprise Linux 6
CIS Benchmark for Oracle Linux 7, v2.1.0
CIS Benchmark for Oracle Linux 6, v1.1.0
CIS Benchmark for IBM AIX 6.1, v1.1.0
CIS Benchmark for IBM AIX 7.1, v1.1.0
DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R16
DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R7
DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R7
CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511)
CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
CIS Benchmark for Microsoft Windows Server 2003, v3.1.0
CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
CIS Benchmark for Windows 8.1 Workstation, v2.3.0
CIS Microsoft Windows Server 2016, v1.0.0
CIS Benchmark for Microsoft Windows 2016, v1.1.0
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 [Domain Controller]
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 [Member Server]
Security Configuration and Compliance Policy for Windows Server 2019
Microsoft Security Baseline for Windows Server 2019 [Domain Controller]
Microsoft Security Baseline for Windows Server 2019 [Member Server]

Updated Library Policies (May package)

Policy update for control configuration changes:

CIS Benchmark for SUSE Enterprise Linux Server 11.x, v2.1.0
CIS Benchmark for SUSE Linux Enterprise 12.x, v2.1.0
CIS Benchmark for Amazon Linux 2, v1.0.0

Policy update for Regex changes in control 7473:

NIST 800-53 Rev 4 for Linux

Policy update for new NL value addition in Windows advanced audit controls:

Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
Adobe Common Controls Framework for Microsoft Windows
Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
Australia Information Security Manual (Information Technology Security) for Windows
NERC CIPv5 for Windows
NIST 800-53 Rev 4 for Microsoft Windows
United States Government Configuration Baseline (USGCB) for Microsoft Windows 10
United States Government Configuration Baseline (USGCB) for Microsoft Windows 7
CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R16
CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R29
DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R28
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Domain Controller
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Member Server
CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) DC, V6R42
DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) MS, V6R41
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Domain Controller
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Member Server
CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Domain Controller]
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Member Server]
CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Domain Controller
Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Member Server
CIS Benchmark for Microsoft Windows 2016, v1.1.0
CIS Microsoft Windows Server 2016, v1.0.0
Security Configuration and Compliance Policy for Windows Server 2019
CIS Benchmark for Windows 8.1 Workstation, v2.3.0
Microsoft Security Compliance Manager (SCM) Baseline for Windows 8.1
DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R20
CIS Benchmark for Windows XP, v2.0.1
CIS Benchmark for Microsoft Windows 8, v1.0.0
DISA Security Technical Implementation Guide (STIG) for Windows 7, V1R29
CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
Microsoft Security Compliance Manager (SCM) Baseline for Windows 8

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

Qualys Security Configuration and Compliance Policy for MongoDB 4.x
Qualys Security Configuration and Compliance Policy for SELinux in PC library
Qualys Security Configuration and Compliance Policy for Data Domain OS 5 (OCA)
Qualys Security Configuration and Compliance Policy for Brocade Fabric 7.x (OCA)
Qualys Security Configuration and Compliance Policy for Brocade Fabric 8.x (OCA)

If you have any questions, please contact your TAM or Technical Support. See all library updates.