Policy Compliance Library Updates, August 2020
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.
The August release includes 2 new vendor policies and a SCSEM policy, in addition to 8 CIS Benchmark policies and 2 DISA STIG policies. It also and provides updates to several existing policies in the Qualys Content Library.
Qualys’ Certification Page at CIS has been updated.
New CIS Benchmark Policy
CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.
This release contains the following new CIS Benchmark policies:
- CIS Benchmark for CentOS Linux 7 v3.0.0
- CIS Benchmark for Oracle Linux 7 Benchmark v3.0.0
- CIS Benchmark for Red Hat Enterprise Linux 7 v3.0.0
- CIS Benchmark for SUSE Linux Enterprise 15 v1.0.0
- CIS Benchmark for Mac OSX 10.14 (Include Not Scored checks)
- CIS Benchmark for Mac OSX 10.15 (Include Not Scored checks)
- CIS Benchmark for Oracle 18c v1.0.0
- CIS VMware ESXi 6.7 v1.1.0
New Vendor Policies
- Microsoft MDM Security Baseline for Windows 10
- Microsoft MDM Security Baseline for Defender Advanced Threat Protection
New Safeguard Computer Security Evaluation Matrix (SCSEM) Policy
- Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.0
New DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) policy for IIS 8.5 Server V1R11 and Site V1R11
- DISA Security Technical Implementation Guide (STIG) policy for IIS 10 Server and Site V1R1
Deprecated Policies
The following policies are deprecated in the July 2020 package:
- CIS Benchmark for Red Hat Enterprise Linux 7, v2.2.0
- CIS Benchmark for CentOS Linux 7, v2.2.0
- CIS Benchmark for Oracle Linux 7, v2.1.0
- CIS Benchmark for VMware ESXi 6.7, V1.0.0
- DISA Security Technical Implementation Guide (STIG) for MongoDB Enterprise Advanced 3.x, V1R1
- DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x, V1R6
- Qualys Security Configuration and Compliance Policy for Oracle Database 18c
- Qualys Security Configuration and Compliance Policy for SUSE Linux Enterprise Server 15
Updated Library Policies
- Policy update due to new standard release:
- DISA Security Technical Implementation Guide (STIG) policy for MongoDB Enterprise Advanced 3.x Version 1 Release 2
- DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE NDM Version 1 Release 4
- DISA Security Technical Implementation Guide (STIG) policy for PostgreSQL 9.x, Version 1 Release 7
- Policy re-release to add release version as mentioned in CIS benchmark:
- CIS Benchmark for Microsoft Windows 2016 RTM (Release 1607), v1.2.0
- Policy update to exclude Control ID (17881):
- CIS Benchmark for Cisco IOS 16, v1.0.0
- Control ID 17881 has been removed from this policy.
- Policy update to exclude Control ID (4520):
- CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.2.0
- Control ID 4520 has been removed from this policy.
- Policy update to include additional controls:
- CIS Benchmark for Oracle Database 11gR2 on Linux, V2.2.0
- CIS Benchmark for Oracle Database 11gR2 on Windows, V2.2.0
Replaced the audit/logging sections
9906,1490,1722,8349,8941,8937,8350,1717,8563,8104,8351,8107,8111,8105,8108,1497,1495,1500,10216,8352,10217,1492 controls with 17900,17901,17905,17907,17908,17909,17910,17911,17912,17913,17914,17915,17916,17917,17918,17919,17920,17921,17922,17923,17924,17925 in the policies mentioned above.
- Policy update to exclude Control ID (11437):
- CIS Benchmark for Amazon Linux 2016, v2.0.0
- CIS Benchmark for Amazon Linux 2, v1.0.0
- Policy update to include Not Scored checks:
- CIS Benchmark for Apple macOS 10.14, v1.0.0
- CIS Benchmark for Apple macOS 10.15, v1.0.0
- Policy update or Control configuration changes (3936):
- CIS Benchmark for Red Hat Enterprise Linux 6, v2.1.0
- Policy update or Control configuration changes (9398):
- CIS Benchmark for VMware ESXi 6.5, V1.0.0
- Policy update or Control configuration changes (11491):
- CIS Benchmark for Microsoft SQL Server 2008 R2, v1.7.0
- CIS Benchmark for Microsoft SQL Server 2012, v1.6.0
- CIS Benchmark for Microsoft SQL Server 2014, v1.5.0
- CIS Benchmark for Microsoft SQL Server 2016, v1.2.0
- CIS Benchmark for Microsoft SQL Server 2017, v1.1.0
- CIS Benchmark for Microsoft SQL Server 2019, v1.1.0
Coming Next Month
The following policies and updates are currently planned for release to the policy library next month:
New Coverage:
- Qualys Security Configuration and Compliance Policy for Riverbed SteelHead Interceptor 7.x
- Qualys Security Configuration and Compliance Policy for ArubaOS 8.x
- Qualys Security Configuration and Compliance Policy for IBM z/OS Security Server RACF 2.x
- Qualys Security Configuration and Compliance Policy for Viptela vEdge 18.4.0.1
- Qualys Security Configuration and Compliance Policy for Pulse Connect Secure 9.x
- Microsoft Security Baseline for Windows 10 Release 1909
- Microsoft Security Baseline for Windows 10 Release 2004
Policy Updates:
- DISA Security Technical Implementation Guide (STIG) policy for RHEL 7 Version 2 Release 8
- DISA Security Technical Implementation Guide (STIG) policy for RHEL 6 Version 1 Release 26
- DISA Security Technical Implementation Guide (STIG) policy for WINDOWS 10 Version 1 Release 23
- DISA Security Technical Implementation Guide (STIG) policy for WINDOWS 2008 R2 DC Version 1 Release 34
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2008 R2 MS Version 1 Release 33
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2008 non-R2 DC Version 6 Release 46
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2008 non-R2 MS Version 6 Release 47
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2012 R2 and non-R2 DC Version 2 Release 21
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2012 R2 and non-R2 MS Version 2 Release 19
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2016 Version 1 Release 12
- DISA Security Technical Implementation Guide (STIG) policy for Windows 2019 Version 1 Release 5
- DISA Security Technical Implementation Guide (STIG) policy for Oracle 11.2g Version 1 Release 19
- DISA Security Technical Implementation Guide (STIG) policy for Oracle 12c Version 1 Release 18
- DISA Security Technical Implementation Guide (STIG) policy for Internet Explorer 11 Version 1 Release 19
- DISA Security Technical Implementation Guide (STIG) policy for Google Chrome Version 1 Release 19
- DISA Security Technical Implementation Guide (STIG) policy for Mozilla Firefox Version 4 Release 29
- DISA Security Technical Implementation Guide (STIG) policy for Ubuntu 16.x Version 1 Release 5
- DISA Security Technical Implementation Guide (STIG) policy for OEL 6 Version 1 Release 19
- DISA Security Technical Implementation Guide (STIG) policy for OEL 7 Version 1 Release 2
- DISA Security Technical Implementation Guide (STIG) policy for SuSE 12 Version 1 Release 6
- DISA Security Technical Implementation Guide (STIG) policy for Windows 8.1 Version 1 Release 23
- DISA Security Technical Implementation Guide (STIG) policy for MSSQL 2014 Instance Version 1 Release 10
- DISA Security Technical Implementation Guide (STIG) policy for MSSQL 2016 Database Version 1 Release 5 and Instance Version 1 Release 8
- DISA Security Technical Implementation Guide (STIG) policy for Windows 7 Version 1 Release 32
- Qualys Security Configuration and Compliance Policy for ArubaOS 6.x
- Qualys Security Configuration and Compliance Policy for Riverbed SteelHead RiOS 9.x
If you have any questions, please contact your TAM or Technical Support. See all library updates.