Policy Compliance Library Updates, June 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies. The second update, released by the end of the month, includes bug fixes and updated policies.

The June release includes 6 CIS Benchmark policies, 3 new mandate-based policies, 3 DISA STIG policies, and 1 Industry and Best Practice policy.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Cisco NX-OS, v1.0.0
  • CIS Benchmark for Apple Mac OS 11.0 v1.2.0
  • CIS Benchmark for Oracle Linux 6, v2.0.0
  • CIS Benchmark for Microsoft Windows 2019, v1.2.1
  • CIS Benchmark for Microsoft Windows 2019 STIG Benchmark, v1.0.1
  • CIS Benchmark for Red Hat Enterprise Linux 7, v3.1.1

New Mandate-based Policies

  • National Cybersecurity Authority – Critical Systems Cybersecurity Controls (CSCC–1:2019) for Linux
  • National Cybersecurity Authority – Critical Systems Cybersecurity Controls (CSCC–1:2019) for Microsoft Windows
  • National Cybersecurity Authority – Critical Systems Cybersecurity Controls (CSCC–1:2019) for Network Devices

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Oracle Java Runtime Environment (JRE) version 8 for Windows Version 1 Release 5
  • DISA Security Technical Implementation Guide (STIG) for Java Runtime Environment (JRE) version 8 for Unix, Version 1 Release 3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, Version 2 Release 2

New Industry and Best Practice Policy

  • Qualys Security Configuration and Compliance Policy for IBM WebSphere MQ

Updated Library Policy

The following updated policies will be available in the PC Content Library by the end of this month:

  • Policy update to add all controls required for 100% support:
    • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, Version 1 Release 1
    • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18, Version 2 Release 2

Deprecated Policies

The following policies are deprecated in the June 2021 package:

  • Windows Policies
    • CIS Benchmark for Microsoft Windows 2019 (Release 1809), v1.1.0
  • Linux Policies
    • CIS Benchmark for Oracle Linux 6, v1.1.0
    • CIS Benchmark for Red Hat Enterprise Linux 7, v3.0.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for CentOS Linux 6 v3.0.0
  • CIS Benchmark for CentOS Linux 7 v3.1.1
  • CIS Benchmark for Microsoft SQL Server 2016 v1.3.0
  • CIS Benchmark for Microsoft SQL Server 2017 v1.2.0
  • CIS Benchmark for Microsoft SQL Server 2019 v1.2.0
  • CIS Benchmark for MySQL 8.x
  • CIS Benchmark for Red Hat Enterprise Linux 6 v3.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 8, v1.0.1
  • CIS Benchmark for SUSE Linux Enterprise 12 v3.0.0
  • CIS Benchmark for Ubuntu Linux 20.04 LTS v1.1.0
  • CIS Benchmark for Ubuntu Linux 16.04 LTS v2.0.0
  • CIS Benchmark for Ubuntu Linux 18.04 LTS v2.1.0
  • CIS Benchmark for VMware ESXi 7.0 v1.0.0
  • Cyber Essentials Mandate Policy for Network devices
  • CRI Cyber Profile for Network Devices
  • Cyber Essentials Mandate Policy for Databases
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server – Ver 1, Rel 5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Mailbox Server Ver 1, Rel 4
  • Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch – NDM and RTR
  • Qualys Security Configuration and Compliance Policy for Cisco ISE 2.x & 3.x

If you have any questions, please contact your TAM or Technical Support.
