Policy Compliance Library Updates, May 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update is released in the first week of each month, followed by the second update by the end of each month.

The May release includes 1 CIS Benchmark policy, 8 DISA STIG policies, 2 Industry and Best Practice policies, 1 SCSEM policy and 1 Mandate policy, and provides updates to several existing policies.

Qualys’ Certification Page at CIS has been updated.

New Policies Added in This Month

CIS Benchmark Policy

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Qualys Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

The following new CIS Benchmark policy will be available in the PC Content Library by the end of May:

  • CIS Benchmark policy for Cisco IOS 15 v4.1.0

DISA STIG Policies

The following policies are available in the PC Content Library:

  • DISA Security Technical Implementation Guide (STIG) for Apple MacOS 11 Version 1 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS Version 1, Release 1

The following policies will be available in the PC Content Library by the end of May:

  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 7.x Version 2 Release 2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE RTR Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE NDM Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS RTR Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS NDM Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR Version 2 Release 2

Industry and Best Practice Policies

The following policies will be available in the PC Content Library by the end of May:

  • Qualys Security Configuration and Compliance Policy for IBM WebSphere Liberty
  • Qualys Security Configuration and Compliance Policy for Qualys Cloud Agent

Safeguard Computer Security Evaluation Matrix (SCSEM) Policy

The following new SCSEM policy will be available in the PC Content Library by the end of May:

  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2016, v1.1

Mandate-based Policy

The following policy is available in the PC Content Library:

  • IEC 62443 Policy for Windows OS

Updated Policies in This Month

The following updated policies will be available in the PC Content Library by the end of May:

  • Policy re-release to update CID 3376:
    • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
  • Control configuration change in 4509 and 4194:
    • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.0
  • Policy re-release to replace CID 12388 with CIDs 10823 and 10824 to ensure correct requirement mapping:
    • CIS Benchmark policy for Oracle Linux 7.x
  • Policy update for control configuration changes:
    • CIS Benchmark policy for MongoDB
  • Policy re-release to fix a false positive for CID 5214:
    • CIS Benchmark for Microsoft Windows 2008 R2
  • Policy update for control configuration changes in CIDs 19702, 16065 and 16066:
    • DISA Security Technical Implementation Guide (STIG) for MAC OS 10.14 and 10.15
  • Policy update to add JUNOS 20.x technology:
    • CIS Benchmark for Juniper OS, 2.1.0
    • DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM STIG – Ver 1, Rel 5
  • Policy update to add new controls:
    • Security Configuration and Compliance Policy for SAP Hana 2.x

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:
  • CIS Benchmark for Apple macOS 11.0 v1.0.0
  • CIS Benchmark for Cisco IOS 12 v4.0.0
  • CIS Benchmark for Cisco NX-OS v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 7 v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2019 v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2019 v1.2.0
  • CIS Benchmark for Oracle Linux 6 v2.0.0
  • CIS Benchmark for SUSE Linux Enterprise 12 v3.0.0
  • CIS Benchmark for Ubuntu Linux 16.04 LTS v2.0.0
  • CIS Benchmark for Ubuntu Linux 18.04 LTS v2.1.0
  • DISA Security Technical Implementation Guide (STIG) for MS Windows Defender Antivirus Version 2 Release 1
  • DISA Security Technical Implementation Guide (STIG) for Oracle Java Runtime Environment (JRE) 8 Windows Version 1 Release 5
  • DISA Security Technical Implementation Guide (STIG) for Oracle Java Runtime Environment (JRE) 8 UNIX Version 1 Release 3
  • Qualys Security Configuration and Compliance Policy for Cisco ISE 2.x
  • Qualys Security Configuration and Compliance Policy for Cisco ISE 3.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.
