Policy Compliance Library Updates, December 2019

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The December release includes 2 CIS Benchmark policies, 1 Qualys Security Configuration and Compliance policy, and several DISA STIG policies. Apart from adding new technology support, it also provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New Technologies

  • FortiOS 5.x and 6.x

New CIS Benchmark Policy

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and also by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for macOS Safari v2.0.0
  • CIS Benchmark for Microsoft Windows 10 Release 1809 v1.6.1

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Cisco NX-OS 8.x and 9.x

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for Canonical Ubuntu 16.04 LTS STIG Ver 1, Rel 2
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft SQL Server 2016 Database and Instance
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft SQL Server 2014 Database and Instance
  • DISA Security Technical Implementation Guide (STIG) policy for Apache HTTP 2.2 on Linux

Updated Library Policies

Policy re-release:

  • The following policy is re-released to include additional controls and provide 100% coverage of SCSEM requirements:
    • Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7.x
  • The following policy is re-released to add support for Cisco NX-OS 8.x and 9.x:
    • Security Configuration and Compliance Policy for Cisco NX OS

Policy update for control configuration changes:

  • CIS Benchmark for Oracle Solaris 10, v5.2.0
  • CIS Benchmark for Oracle Solaris 11, v1.1.0
  • Security Configuration and Compliance Policy for Checkpoint Firewall

Policy update for control ID changes:

  • Compliance Checklist for MAS IBTRM (Monetary Authority of Singapore – Internet Banking and Technology Risk Management) Guidelines 3.0

Deprecated Policies

The following policies are deprecated and will not be supported from this release onwards:

  • Security Configuration and Compliance Policy for Microsoft Windows 10 (Version 1809)

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Apache Tomcat 9 v1.0.0
  • CIS Benchmark for Juniper OS v2.0.0
  • CIS Benchmark for Oracle MySQL Community Edition 5.7 v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 8 v1.0.0
  • Qualys Security Configuration and Compliance Policy for ATM/POS
  • DISA Security Technical Implementation Guide (STIG) policy for Microsoft SQL Server 2012 Ver 1 Rel 18

Updates:

  • CIS Benchmark for Apache Tomcat 8 Benchmark v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2008 R2 v1.6.0
  • CIS Benchmark for VMware ESXi 6.7 v1.0.0
  • Security Configuration and Compliance Policy for Cisco WLC 8.x
  • Security Configuration and Compliance Policy for Cisco FTD 6.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.

 
