Policy Compliance Library Updates, July 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and on other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies. The second update, released by the end of the month, includes bug fixes and updated policies.

The July release includes 12 CIS Benchmark policies, 2 new mandate-based policies, 2 DISA STIG policies, and 2 Industry and Best Practice policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for CentOS Linux 6 v3.0.0
  • CIS Benchmark for CentOS Linux 7 v3.1.1
  • CIS Benchmark for Microsoft SQL Server 2016 v1.3.0
  • CIS Benchmark for Microsoft SQL Server 2019 v1.2.0
  • CIS Benchmark for Red Hat Enterprise Linux 6 v3.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 8, v1.0.1
  • CIS Benchmark for Microsoft SQL Server 2017 v1.2.0
  • CIS Benchmark for Ubuntu Linux 18.04 LTS v2.1.0
  • CIS Benchmark for Ubuntu Linux 20.04 LTS v1.1.0
  • CIS Benchmark for VMware ESXi 7.0 v1.0.0
  • CIS Benchmark for Microsoft SQL Server 2017 v1.2.0
  • CIS Benchmark for CRI Cyber Profile for Network Devices

New Mandate-based Policy

  • Cyber Essentials Mandate Policy for Network devices
  • CRI Cyber Profile for Network Devices

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch

New Industry and Best Practice Policy

  • Qualys Security Configuration and Compliance Policy for MemSQL
  • Qualys Security Configuration and Compliance Policy for Cisco ISE 2.x and 3.x

Updated Library Policy

The following updated policies will be available in the PC Content Library by the end of this month:

  • Policy update for control configuration changes:
    • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18, V2R2
  • Policy re-release to update the VMWare Security Hardening Guide with the latest updates:
    • VMWare (Vendor) ESXi 6 policy
  • Policy update to add new controls:
    • Best Practice Controls for Malware/Ransomware prevention
  • Policy update for CID changes:
    • CIS Benchmark for MAC OS 10.9-10.15, MAC OS 11.x 
    • CIS Benchmark for Palo-Alto

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for CentOS Linux 8, v1.0.1
  • CIS Benchmark for Docker v1.3.1
  • CIS Benchmark for F5 v1.0.0
  • CIS Benchmark for Kubernetes v1.20
  • CIS Benchmark for Oracle Linux 7 v3.1.1
  • CIS Benchmark for Oracle Linux 8, v1.0.1
  • CIS Benchmark for SUSE Linux Enterprise 12 v3.0.0
  • CIS Benchmark for Ubuntu Linux 16.04 LTS v2.0.0
  • CMMC policy for Containers
  • CMMC policy for Databases
  • Cyber Essentials Mandate Policy for Databases
  • DISA Security Technical Implementation Guide (STIG) for Active Directory Domain – Version 2, Release 13
  • DISA Security Technical Implementation Guide (STIG) for Active Directory Forest – Version 2, Release 8
  • DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 – Version 2, Release 2
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch – Version 1, Release 1
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch – NDM and RTR
  • DISA Security Technical Implementation Guide (STIG) for Docker Enterprise 2.x Linux/UNIX – Version 2, Release 1
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes STIG – Version 1, Release 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server Version 1, Release 5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Mailbox Server Version 1, Release 4
  • CIS Benchmark for MySQL 8.x
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC – Version 2, Release 3
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86 STIG – Version 2, Release 3
  • Mandate based policy support for GLBA mandate
  • Microsoft Security Baseline for Windows 10, version 21H1
  • Security Configuration and Compliance Policy for Qualys Cloud Agent

If you have any questions, please contact your TAM or Technical Support.