Policy Compliance Library Updates, November 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month. The second update follows by the end of the month and includes bug fixes and updated policies.

The November release includes three CIS Benchmark policies, two industry and best practice policies, two vendor policies, and 15 DISA STIG policies, and provides updates to several existing policies in the Qualys Content Library. This month’s release also deprecates some existing policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Microsoft Windows 2016 RTM (Release 1607), v1.3.0
  • CIS Benchmark for Microsoft Windows Server 2016 STIG, v1.1.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 20H2 or older), v1.10.0 [Automatic and Manual, All Profiles], French

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Huawei VRP OS 5.x
  • Security Configuration and Compliance Policy for Red Hat CoreOS 4.x

New Vendor Policies

  • Microsoft Security Baseline for Windows Server 2022
  • Microsoft Security Baseline for Windows 11

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R2
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 server, V2R2
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 site, V2R3
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R3
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R4

Deprecated Policies

The following policies are deprecated in this month’s package:

Applications:

  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R2
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Site, V2R1
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R1
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R1
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R1

Network Devices:

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V2R1

Windows Server 2016 RTM:

  • CIS Benchmark for Microsoft Windows 2016 RTM (Release 1607), v1.2.0

Windows Server 2016 STIG:

  • CIS Microsoft Windows Server 2016 STIG Benchmark, v1.0.0

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy update to replace control ID 9800 with 22342:
    • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
  • Policy update to add support for Junos 12.x:
    • CIS Benchmark for Juniper OS, v2.1.0
  • Policy update to fix regex for audit rules related controls:
    • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R4
    • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R4
  • Policy re-release for control configuration changes:
    • PCI-DSS (Payment Card Industry Data Security Standard) v3.2.1 – Operating Systems
    • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R4
  • Policy re-release to incorporate NL value changes in CIDs 17159, 11328 and to add support for additional technologies:
    • CIS Benchmark for CentOS 6, 7, 8
    • CIS Benchmark for RHEL 6, 7, 8
    • CIS Benchmark for OEL 6, 7, 8

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • Arista Multilayer Switch (MLS) DCS-7000 Series Layer 2 Switch (L2S) STIG, Ver 1, Rel 3
  • Arista Multilayer Switch (MLS) DCS-7000 Series Network Device Management (NDM) STIG, Ver 1, Rel 3
  • Arista Multilayer Switch (MLS) DCS-7000 Series Router (RTR) STIG, Ver 1, Rel 3
  • CIS Benchmark for Cisco IOS 12 v4.0.0
  • CIS Benchmark for IBM AIX 7.1 v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.5.0
  • CIS Benchmark for Microsoft Windows Server 2012 (non-R2) v2.3.0
  • CIS Benchmark for SUSE Linux Enterprise 15 v1.1.0
  • VMWare vSphere Security Hardening Guide for ESXi 7
  • VMWare vSphere Security Hardening Guide for vCenter 7
  • VMWare vSphere Security Hardening Guide for ESXi 6.5
  • Security Configuration and Compliance Policy for Mac OS 12
  • Apache Server 2.4 UNIX STIG (Server – V1R3, Site – V2R1)
  • Qualys Security Configuration and Compliance Policy for Azure Microsoft SQL Server 2014
  • Qualys Security Configuration and Compliance Policy for Windows 2008/2012/2016 Certificate Authority

If you have any questions, please contact your TAM or Technical Support. See all library updates.
