Policy Compliance Library Updates, June 2020

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The June release includes 5 CIS Benchmark policies and 7 DISA STIG policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Debian Linux 10 v1.0.0
  • CIS Benchmark for Mac OSX 10.14
  • CIS Benchmark for Mac OSX 10.15
  • CIS Benchmark for Microsoft Windows Server 2012 (non-R2) Benchmark v2.2.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.4.0

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for HP-UX 11.31 V1R19
  • DISA Security Technical Implementation Guide (STIG) policy for Oracle Linux 6 Ver 1, Rel 17
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R21
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V1R5
  • DISA Security Technical Implementation Guide (STIG) policy for Oracle Linux 7 Version 1 Release 1

Deprecated Policies

The following policies are deprecated in the June 2020 package:

  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R16
  • Security Configuration and Compliance Policy for Apple macOS 10.14
  • Security Configuration and Compliance Policy for Apple macOS 10.15

Updated Library Policies

  • Policy update to include “Not Scored Controls”:
    • CIS Benchmark for IBM DB2 9 v3.0.1
    • CIS Benchmark for IBM DB2 10 v1.1.0
  • Policy update to include “Not Scored Controls” and for audit control changes:
    • CIS Benchmark for Microsoft Windows 2019 (Release 1809), v1.1.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:
  • CIS Benchmark for Amazon Linux 2 STIG v1.0.0
  • CIS Benchmark for CentOS Linux 7 v3.0.0
  • CIS Benchmark for Check Point Firewall v1.1.0
  • CIS Benchmark for Oracle Database 12c, v3.0.0
  • CIS Benchmark for Oracle Linux 7 v3.0.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0
  • CIS Benchmark for Microsoft Windows Server 2016 RTM (Release 1607) v1.2.0
  • CIS Benchmark for Microsoft Windows 7 Workstation, v3.2.0
  • CIS Benchmark for Microsoft Windows 8.1 Workstation, v2.4.0
  • CIS Benchmark for Red Hat Enterprise Linux 7 v3.0.0
  • CIS Benchmark for SUSE Linux Enterprise 15 v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for VMware ESXi 5 Server STIG V1R10
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x Ver 1, Rel 1
  • Microsoft Intune – MDM Security Baseline for Windows 10
  • Microsoft Intune – Defender ATP Baseline for Windows 10

Policy Updates:
  • DISA Security Technical Implementation Guide (STIG) for Windows 2008 non-R2 DC Version 6 Release 44
  • DISA Security Technical Implementation Guide (STIG) for Windows 2008 non-R2 MS Version 6 Release 45
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE NDM Version 1 Release 2 
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE RTR Version 1 Release 2
  • DISA Security Technical Implementation Guide (STIG) for VMware ESXi 6 Ver 1 Rel 5

If you have any questions, please contact your TAM or Technical Support.
