Policy Compliance Library Updates, July 2020

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The July release includes 14 CIS Benchmark policies, 2 DISA STIG policies, and 2 Industry and Best Practice policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policy

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Amazon Linux 2 STIG Benchmark v1.0.0
  • CIS Benchmark for Check Point Firewall, v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2008 R2, v1.7.0
  • CIS Benchmark for Microsoft SQL Server 2012, v1.6.0
  • CIS Benchmark for Microsoft SQL Server 2014, v1.5.0
  • CIS Benchmark for Microsoft SQL Server 2016, v1.2.0
  • CIS Benchmark for Microsoft SQL Server 2017, v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2019, v1.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0
  • CIS Benchmark for Microsoft Windows Server 2008 (non-R2), v3.2.0
  • CIS Benchmark for Microsoft Windows Server 2016 RTM (Release 1607), v1.2.0
  • CIS Benchmark for Microsoft Windows 8.1 Workstation, v2.4.0
  • CIS Benchmark for Microsoft Windows 7 Workstation, v3.2.0
  • CIS Benchmark for Oracle Database 12c, v3.0.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance policy for HP Safeguard (OCA)
  • Qualys Security Configuration and Compliance policy for HP and Samsung Printers (OCA)

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for VMware ESXi 5 Server STIG V1R10
  • DISA Security Technical Implementation Guide (STIG) policy for IBM AIX 7.x, V1R1

Deprecated Policies

The following policies are deprecated in the July 2020 package:

  • Windows 2008
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) MS, V6R41
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) DC, V6R42
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
    • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
  • Windows 7
    • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
  • Windows 8.1
    • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
  • Windows 2016
    • CIS Benchmark for Microsoft Windows 2016, v1.1.0
  • Check Point Firewall
    • Security Configuration and Compliance Policy for Checkpoint Firewall
  • MSSQL 2019
    • CIS Benchmark for Microsoft SQL Server 2019, v1.0.0
  • MSSQL 2017
    • CIS Benchmark for Microsoft SQL Server 2017, v1.0.0
  • MSSQL 2016
    • CIS Benchmark for Microsoft SQL Server 2016, v1.1.0
  • MSSQL 2014
    • CIS Benchmark for Microsoft SQL Server 2014, v1.4.0
  • MSSQL 2012
    • CIS Benchmark for Microsoft SQL Server 2012, v1.5.0
  • MSSQL 2008
    • CIS Benchmark for Microsoft SQL Server 2008 R2, v1.6.0
  • Oracle 12
    • CIS Benchmark for Oracle Database 12c on Linux, V2.1.0
    • CIS Benchmark for Oracle Database 12c on Windows, V2.1.0

Updated Library Policies

  • Policy update due to new standard release:
    • DISA Security Technical Implementation Guide (STIG) policy for Windows 2008 non-R2 DC Version 6 Release 45
    • DISA Security Technical Implementation Guide (STIG) policy for Windows 2008 non-R2 MS Version 6 Release 44
  • Policy update to include additional controls:
    • DISA Security Technical Implementation Guide (STIG) policy for VMware vSphere 6.x Ver 1 Rel 5
    • DISA Security Technical Implementation Guide (STIG) policy for SuSE Enterprise Linux 12 V1R5
  • Policy update for Control ID changes:
    • NIST 800-53 Rev 4 for Microsoft Windows
  • Policy update to include new technology support (PANOS 9.x):
    • NIST 800-53 Rev 4 for Network Devices
  • Policy update for control configuration changes:
    • CIS Benchmark for Microsoft Windows 2019 (Release 1809), v1.1.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:
  • CIS Benchmark for Linux 7 v3.0.0
  • CIS Benchmark for Oracle Linux 7 v3.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 7 v3.0.0
  • CIS Benchmark for SuSE Linux Enterprise 15 v1.0.0
  • CIS Benchmark for VMware ESXi 6.7 v1.1.0
  • DISA Security Technical Implementation Guide (STIG) policy for IIS 8.5 Server V1R10 and Site V1R10
  • DISA Security Technical Implementation Guide (STIG) policy for IIS 10 Server and Site V1R1
  • Microsoft Intune – MDM Security Baseline for Windows 10
  • Microsoft Intune – Defender ATP Baseline for Windows 10
  • Qualys Security Configuration and Compliance Policy for ArubaOS 6.x
  • Qualys Security Configuration and Compliance Policy for ArubaOS 8.x
  • Qualys Security Configuration and Compliance Policy for IBM z/OS Security Server RACF 2.x
  • Qualys Security Configuration and Compliance Policy for Microsoft Windows 10 Release 2004
  • Qualys Security Configuration and Compliance Policy for Riverbed SteelHead RiOS 9.x
  • Qualys Security Configuration and Compliance Policy for Riverbed SteelHead Interceptor 7.x
  • DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE NDM Version 1 Release 2

Policy Updates:
  • CIS Benchmark for Mac OSX 10.14
  • CIS Benchmark for Mac OSX 10.15

If you have any questions, please contact your TAM or Technical Support.  See all library updates.
