Policy Compliance Library Updates, January 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The January release includes 5 CIS Benchmark policies, 1 DISA STIG policy, 10 new Industry and Best Practice policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policy

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policy:

  • CIS Benchmark policy for Apache HTTP Server 2.4 v2.0.0
  • CIS Benchmark policy for Apple macOS 10.14 v1.1.0
  • CIS Benchmark policy for Apple macOS 10.15 v1.1.0
  • CIS Benchmark policy for Ubuntu 18.04 LXD Container v1.0.0
  • CIS Guideline for Exploited Protocols: Remote Desktop Protocol (RDP)

New Mandate-based Policy

  • NCSC UK framework policy support for Windows 10 version 2004

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18 Version 1 Release 1

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Aruba ClearPass Policy Manager (CPPM) 6.x
  • Qualys Security Configuration and Compliance Policy for Extreme Network BOSS 5.x
  • Qualys Security Configuration and Compliance Policy for Extreme Networks VOSS 6.x
  • Qualys Security Configuration and Compliance Policy for Extreme Networks VOSS 7.x
  • Qualys Security Configuration and Compliance Policy for Extreme Networks VOSS 8.x
  • Qualys Security Configuration and Compliance Policy for Juniper IVE 8.x
  • Qualys Security Configuration and Compliance Policy for PAN OS 10.x
  • Qualys Security Configuration and Compliance Policy for Pulse Connect Secure 9.x
  • Qualys Security Configuration and Compliance Policy for Gigamon GigaVUE-OS 5.x
  • Qualys Security Configuration and Compliance Policy for Microsemi SyncServer 3.x
  • MITRE ATT&CK Enterprise Framework v8 for Linux
  • MITRE ATT&CK Enterprise Framework v8 for Microsoft Windows

Deprecated Policies

The following policies are deprecated in the January 2021 package:

  • Apache HTTP Server
    • CIS Benchmark for Apache HTTP Server 2.4, v1.5.0
  • Apple MAC OS
    • CIS Benchmark for Apple macOS 10.14, v1.0.0
    • CIS Benchmark for Apple macOS 10.15, v1.0.0

Updated Library Policies

  • Policy re-release for adding new NL value in CID 11196:
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0, French
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0, Portuguese
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0, Spanish
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, German
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, French
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, Spanish
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1803), v1.5.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1809), v1.6.1
    • NIST 800-53 Rev 4 for Microsoft Windows
  • Policy re-release for adding new NL value in CID 10472:
    • Windows 2019 Server, CIS Benchmark for Microsoft Windows 2019 (Release 1809), v1.1.0
    • Windows 2019 Server, Microsoft Security Baseline for Windows Server 2019
    • Windows 2019 Server, DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 MS, V1R3
    • Windows 2019 Server, DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 DC, V1R3
    • Windows 10, DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R21
    • Windows 10, Microsoft MDM Security Baseline for Windows 10
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, Spanish
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, French
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, German
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1803), v1.5.0
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1809), v1.6.1
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1903), v1.7.1
    • Windows 10, CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1909), v1.8.1
    • Windows 10, Microsoft Security Compliance Manager (SCM) Baseline for Windows 10 version 1511
    • Windows 10, Microsoft Security Baseline for Windows 10 version 1809
    • Windows 10, Microsoft Security Baseline for Windows 10 version 1903
  • Policy re-release for adding new NL value in CID 4194:
    • CIS Benchmark for Microsoft Windows 2016 RTM (Release 1607), v1.2.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0, French
    • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0, Spanish
    • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0, German
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1803), v1.5.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1809), v1.6.1
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0, French
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0, Portuguese
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0, Spanish
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, French
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, German
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0, Spanish
    • CIS Benchmark for Microsoft Windows 2019 (Release 1809), v1.1.0
    • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0, Spanish
    • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0, French
    • CIS Benchmark for Microsoft Windows 8, v1.0.0
    • CIS Benchmark for Microsoft Windows Server 2003 v3.1.0
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0, Spanish
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0, French
    • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0, French
    • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0, Spanish
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0
    • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.2.0
    • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.4.0
    • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0, French
    • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0, Spanish
    • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.2.0
    • CIS Benchmark for Microsoft Windows Server 2016, v1.0.0, French
    • CIS Benchmark for Microsoft Windows Server 2016, v1.0.0, Spanish
    • CIS Benchmark for Microsoft Windows 2016, v1.1.0, German
    • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0, French
    • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0, German
    • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0, Spanish
    • CIS Benchmark for Windows 8.1 Workstation, v2.3.0, French
    • CIS Benchmark for Windows 8.1 Workstation, v2.3.0, Spanish
    • CIS Benchmark for Windows 8.1 Workstation, v2.4.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1803), v1.5.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1903), v1.7.1
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1809), v1.6.1
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1909), v1.8.1
    • CIS Benchmark for Windows XP, v2.0.1
    • CIS Microsoft Windows Server 2016 STIG Benchmark, v1.0.0
    • DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R23
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 non-R2 DC, V6R47
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 non-R2 MS, V6R46
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R34
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R33
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) DC, V2R21
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R19
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 DC, V2R21
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R19
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R12
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R12
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 10 version 1511
    • Microsoft Security Baseline for Windows 10 version 1903
    • Microsoft Security Baseline for Windows 10 version 1809
    • Microsoft Security Baseline for Windows 10 version 1909
    • Microsoft Security Baseline for Windows 10 version 2004
    • Microsoft Security Baseline for Windows Server 2019
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8.1
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Domain Controller
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Member Server
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Domain Controller
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Member Server
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Domain Controller
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 Domain Controller
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Member Server
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 Member Server
    • Australia Information Security Manual (Information Technology Security) for Windows
    • Microsoft MDM Security Baseline for Windows 10
    • NERC CIPv5 for Windows
    • NIST 800-53 Rev 4 for Microsoft Windows
    • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.0
    • United States Government Configuration Baseline (USGCB) for Microsoft Windows 7
    • United States Government Configuration Baseline (USGCB) for Microsoft Windows 10
  • Policy re-release as EVAL Type is changed for CID 3402 and 3399:
    • Australia Information Security Manual (Information Technology Security) for Windows
    • Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
    • NERC CIPv5 for Windows
    • NIST 800-53 Rev 4 for Microsoft Windows
  • Policy update due to change in OCA tag and description:
    • Security Configuration and Compliance Policy for Fortinet Firewall
  • Policy re-release for NL value changes from PI to GR (CID 18598, 10671, 10653, and 17279):
    • CIS Benchmark for Amazon Linux 2, v1.0.0
    • CIS Benchmark for Amazon Linux 2 STIG, v1.0.0
    • Security Configuration and Compliance Policy for Red Hat Fedora
    • NIST 800-53 Rev 4 for Linux
    • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.0.0
    • CIS Benchmark for Debian Linux 10, v1.0.0
    • CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.0.1
    • CIS Benchmark for Ubuntu Linux 20.04 LTS, v1.0.0
  • Policy re-release to replace CID 4887 with CID 18976:
    • Compliance Checklist for MAS IBTRM (Monitory Authority of Singapore – Internet Banking and Technology Risk Management) Guidelines 3.0
    • CIS Benchmark for Microsoft SQL Server 2017, v1.1.0
    • CIS Benchmark for Microsoft SQL Server 2016, v1.2.0
    • CIS Benchmark for Microsoft SQL Server 2014, v1.5.0
    • CIS Benchmark for Microsoft SQL Server 2012, v1.6.0
    • CIS Benchmark for Microsoft SQL Server 2008 R2, v1.7.0
  • Policy re-release to include CID 20234:
    • CIS Benchmark for Cisco Firewall ASA 8.x, v4.1.0
    • CIS Benchmark for Cisco Firewall ASA 9.x, v4.1.0
  • Policy re-release for policy section naming convention for NCSC policies:
    • National Cyber Security Center (NCSC) Secure configuration for Windows 10 (Release 1809)
  • Policy re-release to include compensating controls:
    • Compensating Controls for Reducing Risk of Vulnerabilities Leveraged by FireEye Red Team Tools

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

  • New Coverage:
    • CIS Benchmark for Apache Tomcat 9 v1.1.0
    • CIS Benchmark for Debian Family Linux, 1.0.0
    • CIS Benchmark for Red Hat Enterprise Linux 7
    • Cyber Essentials Mandate Policy for Linux
    • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 6.5 ESXi STIG Ver 1 Rel 4
    • DISA Security Technical Implementation Guide (STIG) for Microsoft SharePoint 2013 STIG – V1R9 policy
    • Microsoft Security Baseline for Windows 10 Release 20H2
    • Qualys Security and Configuration policy for FreeBSD 11.x, 12.x
    • Qualys Security and Configuration policy for Panorama 8.x, 9.x and 10.x
    • Qualys Security and Configuration policy for JunOS 19
    • Qualys Security and Configuration policy for SAP IQ 16
  • Policy Updates:
    • CIS Benchmark for Apple macOS 10.13, 1.1.0
    • IRS SCSEM RHEL 7 v2.2 (2018-09-2018)

If you have any questions, please contact your TAM or Technical Support. See all library updates.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *