Policy Compliance Library Updates, October 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies; the second update, released by the end of the month, includes bug fixes and updated policies.

The October release includes 5 CIS Benchmark policies, 1 new mandate-based policy, 2 new vendor policies, and 7 DISA STIG policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Cisco ASA 9.x Firewall Benchmark v1.0.0
  • CIS Benchmark for Docker v1.3.1
  • CIS Benchmark for MongoDB 4 v1.0.0
  • CIS Benchmark for SUSE Linux Enterprise 12 v3.0.0
  • CIS Benchmark for Ubuntu Linux 20.04 LTS v1.0.0

New Mandate-based Policy

  • CMMC policy for Network Devices

New Vendor Policies

  • CRI Cyber Profile for Linux, v1.1
  • CRI Cyber Profile for Databases, v1.1

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Qualys Cloud Agent for Linux
  • Qualys Security Configuration and Compliance Policy for Qualys Cloud Agent for Windows
  • Qualys Security Configuration and Compliance Policy for CentOS Stream 8
  • Qualys Security Configuration and Compliance Policy for IBM DB2 z/OS 11.x and IBM DB2 z/OS 12.x

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for A10 NDM – Ver 1, Rel 1 and ALG – Ver 2, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 – Ver 2, Rel 2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR, NDM and RTR – Ver 1, Rel 4
  • DISA Security Technical Implementation Guide (STIG) for Docker Enterprise 2.x Linux/UNIX – Ver 2, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016 – Ver 2, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox – Ver 5, Rel 2
  • DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x – Ver 2, Rel 2

Deprecated Policies

The following policies are deprecated in this month’s package:

Linux:

  • CIS Benchmark for SUSE Linux Enterprise 12.x, v2.1.0

Applications:

  • CIS Benchmark for Docker Benchmark, v1.2.0
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Access 2016, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V5R1

Network Devices:

  • CIS Benchmark for Cisco Firewall ASA 9.x, v4.1.0

Databases:

  • DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x, V2R1
  • Security Configuration and Compliance Policy for MongoDB 4.x

Updated Library Policy

The following policies have been updated in this month’s package:

  • Policy update for change in CID 18962
    • Best Practice Controls for Malware/Ransomware prevention
  • Policy update for multiple changes in regex:
    • CIS Benchmark for Microsoft Office 2016, v1.1.0
    • CIS Benchmark for Red Hat Enterprise Linux 7.x, v3.1.1
  • Policy update for manual controls:
    • CIS Benchmark for macOS 10.15 and macOS 11

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • Arista Multilayer Switch (MLS) DCS-7000 Series Layer 2 Switch (L2S) STIG, Ver 1, Rel 3
  • Arista Multilayer Switch (MLS) DCS-7000 Series Network Device Management (NDM) STIG, Ver 1, Rel 3
  • Arista Multilayer Switch (MLS) DCS-7000 Series Router (RTR) STIG, Ver 1, Rel 3
  • CIS Benchmark for Microsoft Windows Server 2016 RTM (Release 1607) v1.3.0
  • CIS Benchmark for Microsoft Windows Server 2016 STIG v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch (NDM – V2R3, RTR – V2R1, L2S – V2R2)
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS-XE Router
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome – Ver 2, Rel 4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge – Ver 1, Rel 2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft IIS 8.5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft IIS 10.0
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks
  • DISA Security Technical Implementation Guide (STIG) for VMware vCenter
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 6.5
  • Microsoft Security baseline for Windows Server 2022
  • Microsoft Security baseline for Windows 11
  • Qualys Security Configuration and Compliance Policy for Azure Microsoft SQL Server 2014
  • Qualys Security Configuration and Compliance Policy for EulerOS 2.x
  • Qualys Security Configuration and Compliance Policy for Huawei Devices – VRP OS 5.x & 8.x
  • Qualys Security Configuration and Compliance Policy for Red Hat Enterprise Linux CoreOS 4.x
  • Qualys Security Configuration and Compliance Policy for Windows 2008/2012/2016 Certificate Authority

If you have any questions, please contact your TAM or Technical Support. See all library updates.
