Policy Compliance Library Updates, November 2020

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The November release includes 5 CIS Benchmark policies, 9 DISA STIG policies, 1 new vendor policy, 10 new Industry and Best Practice policies, and provides updates to several existing policies in the Qualys Content Library. With this policy update, Qualys discontinues its support for HITRUST mandates and policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark policy for Amazon Linux v2.1.0
  • CIS Benchmark policy for Kubernetes v1.6.1
  • CIS Benchmark policy for Ubuntu 20 v1.0.0
  • CIS Benchmark policy for Oracle Database 19c Benchmark, v1.0.0
  • CIS Benchmark policy for Windows Server 2016 STIG v1.0.0

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for F5 BIG IP 11
  • DISA Security Technical Implementation Guide (STIG) for Apache Server 2.4 UNIX
  • DISA Security Technical Implementation Guide (STIG) for Apache Server 2.4 Windows
  • DISA Security Technical Implementation Guide (STIG) for Apache HTTP 2.2 on Windows
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE RTR Version 1 Release 4
  • DISA Security Technical Implementation Guide (STIG) for Oracle WebLogic Server 12c Ver 1 Rel 6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016 STIG – Ver 1, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016 – Ver 1, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2016 – Ver 1, Rel 2

New Vendor Policy

  • Microsoft Security Baseline for Microsoft Edge Chromium 86

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance policy for Apache Cassandra
  • Qualys Security Configuration and Compliance policy for Arista Network Devices
  • Qualys Security Configuration and Compliance policy for ArubaOS 8.x
  • Qualys Security Configuration and Compliance policy for Exchange 2019
  • Qualys Security Configuration and Compliance policy for F5 BIG-IP 12.x, 13.x, 14.x and 15.x
  • Qualys Security Configuration and Compliance policy for IBM z/OS Security Server RACF 2.x
  • Qualys Security Configuration and Compliance policy for Riverbed SteelHead Interceptor 7.x
  • Qualys Security Configuration and Compliance policy for Windows Remote Desktop
  • Qualys Security Configuration and Compliance Policy for VMware ESXi 7.x
  • Qualys Security Configuration and Compliance Policy for VMware Photon OS 3.x

Deprecated Policies

The following policies are deprecated in the October 2020 package:

  • Security Configuration and Compliance Policy for Oracle Database 19c
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1809), v1.6.1
  • HITRUST Cyber Security Framework (CSF) for Linux, Version 8.1
  • HITRUST Cyber Security Framework (CSF) for Microsoft Windows, Version 8.1
  • HITRUST Cyber Security Framework (CSF) for VMware, Version 8.1
  • HITRUST Cyber Security Framework (CSF) for Network devices, Version 8.1

Deprecated Mandates

  • HITRUST Common Security Framework (CSF)

Updated Library Policies

  • Policy update to include additional controls
    • Best Practice Controls for Reducing Risk related to Malware/Ransomware
    • Qualys Security Configuration and Compliance Policy for ArubaOS 6.x
    • Qualys Security Configuration & Compliance Policy for Riverbed SteelHead RiOS 9.x
  • Policy re-release to include additional technology support
    • NIST 800-53 Database Policy Rev4
      Technology support added for:
      • MongoDB 3.x
      • MongoDB 4.x
      • PostgreSQL 9.x
      • PostgreSQL 10.x
      • PostgreSQL 11.x
      • PostgreSQL 12.x
      • MySQL 5.x
      • MySQL 8.x
      • MS SQL 2016
      • MS SQL 2017
      • MS SQL 2019
    • NIST 800-53 Network Device Policy
      Technology support added for:
      • F5 BIG IP 15.x
  • Policy update for control configuration changes:
    (Replaced CID 8357 with 9007)
    • Compliance Checklist for MAS IBTRM (Monetary Authority of Singapore – Internet Banking and Technology Risk Management) Guidelines 3.0
  • Policy update for control configuration changes:
    (Replaced CID 5318 with 2278, and 8327 with 10505)
    • CIS Benchmark policy for RHEL 8 v1.0.0
  • Policy update for control configuration changes (CID 9398):
    • CIS Benchmark for VMware ESXi 6.5, V1.0.0
    • CIS Benchmark for VMware ESXi 6.7, V1.1.0
  • Policy update for reconfiguration of the sysctl controls’ NL values
    • CIS Benchmark for Amazon Linux 2, v1.0.0
  • Policy update to fix cardinality (fixed cardinality of control 8777 from ‘matches’ to ‘contains’):
    • CIS Benchmark for Oracle Solaris 11.4, v1.0.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:
  • CIS Benchmark for Ubuntu 18.04 LXD Host v1.0.0
  • Cisco IOS Router NDM STIG – Ver 1, Rel 1
  • Cisco IOS Router RTR STIG – Ver 1, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Citrix XenDesktop 7.X V1R3 (STIG Release Dt: 2020-01-24)
  • Microsoft Access 2016 STIG – Ver 1, Rel 1
  • Microsoft Outlook 2016 STIG – Ver 1, Rel 2
  • Microsoft PowerPoint 2016 STIG – Ver 1, Rel 1
  • Qualys Informix policy
  • Qualys Security Configuration and Compliance Policy for Cisco IOS XE 17
  • Qualys Security Configuration and Compliance Policy for Citrix NetScaler
  • Qualys Security Configuration and Compliance Policy for Citrix XenApp 7.x
  • Qualys Security Configuration and Compliance Policy for Citrix XenServer 7.x and Citrix Hypervisor 8.x
  • Qualys Security Configuration and Compliance Policy for Panorama 8.x, 9.x and 10.x
  • Qualys Security Configuration and Compliance Policy for PowerShell
Policy Updates:
  • CIS Benchmark for CentOS Linux 6, v2.1.0
  • CIS Benchmark for Oracle Linux 6, v1.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.1.0

If you have any questions, please contact your TAM or Technical Support. See all library updates.
