Policy Compliance Library Updates, March 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The March release includes 1 CIS Benchmark policy, 17 DISA STIG policies, 2 new mandate-based policies, and 2 Industry and Best Practice policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policy

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policy:

  • CIS Benchmark policy for Juniper OS, 2.1.0

New Mandate-based Policies

  • Mandate-based policy for National Cryptographic Standards (NCS)
  • Mandate-based policy for Essential Cybersecurity Controls (ECC – 1: 2018)

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for RHEL 6.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for RHEL 7.x Version 3 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 6.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Suse 12.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 16.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for AIX 7 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Windows 10 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Windows 2012 R2 & non-R2 MS Version 3 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Windows 2012 R2 & non-R2 DC Version 3 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Windows 2016 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Windows 2019 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox Version 5 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for RHEL 8 STIG – Ver 1, Rel 1

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Redis on Linux
  • Qualys Security Configuration and Compliance Policy for SAP IQ 16
  • Security Hygiene Controls for Reducing Risk against HAFNIUM attack (Exchange Servers)

Deprecated Policies

The following policies are deprecated in the March 2021 package:

Network Policies

  • CIS Benchmark for Juniper OS, v2.0.0

Linux/Unix Policies

  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V1R6
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 16, V1R5
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18, V1R2
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V1R26
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V2R8
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 6, V1R19

Windows Policies

  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R23
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R19
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R19
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) DC, V2R21
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 DC, V2R21
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R12
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R12
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 DC, V1R5
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 MS, V1R5

Applications

  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V1R19
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V4R29
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016, V1R2

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:
  • BPP for OS Controls on SAP HANA on SuSE 12
  • CIS Benchmark for Microsoft Intune for Windows 10 Release 2004 v1.0.0
  • CIS Benchmark for Cisco IOS 12 v4.0.0
  • CIS Benchmark for Cisco IOS 15 v4.1.0
  • CIS Benchmark for Oracle (Multi-tenant) Database 12c, v3.0.0
  • CIS Benchmark for Oracle (Multi-tenant) Database 18c, v1.0.0
  • CIS Benchmark for Oracle (Multi-tenant) Database 19c, v1.0.0
  • CMMC policy for Linux
  • Cyber Institute Cyber Security Profile Mandate Policy
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Apple MacOS 11 Version 1 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Apple OS X 10.14 (Mojave) – Ver 2, Rel 2
  • DISA Security Technical Implementation Guide (STIG) for Apple OS X 10.15 – Ver 1, Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE RTR Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE NDM Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS RTR Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS NDM Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM and RTR – Ver 1, Rel 5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Access 2013 – Ver 1, Rel 6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge – Ver 1, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2013 – Ver 1, Rel 7
  • DISA Security Technical Implementation Guide (STIG) for Microsoft IIS 10 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft IIS 8.5 Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2013 STIG – Ver 2, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2013 – Ver 1, Rel 13
  • DISA Security Technical Implementation Guide (STIG) for Microsoft PowerPoint 2013 – Ver 1, Rel 6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2013 – Ver 1, Rel 6
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 7.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS and ALG Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x Version x Release x
  • DISA Security Technical Implementation Guide (STIG) for VMware vCenter
  • IEC 62443 Policy for Windows OS
  • NERC CIP v6
  • Qualys Security Configuration and Compliance Policy for Apache Hadoop
  • Qualys Security Configuration and Compliance Policy for Cisco ISE 2.x
  • Qualys Security Configuration and Compliance Policy for Cisco ISE 3.x
  • Qualys Security Configuration and Compliance Policy for Data Domain OS 6.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.

Comments

  1. Can you share insight into the comparison between policy compliance and puppet for configuring server builds of OS such as Windows, Linux and Solaris? Looks like PC scan will be irrelevant since puppet is able to maintain configured standards in the OS build. Please share more insight about this.