Policy Compliance Library Updates, December 2021

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, policies based on security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month, which includes bug fixes and updated policies.

The December release includes five CIS Benchmark policies, two industry and best practice policies, two vendor policies, four DISA STIG policies, and provides updates to several existing policies in the Qualys Content Library. This month’s release also deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Cisco IOS 12, V4.0.0
  • CIS Benchmark for IBM AIX 7.1, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.5.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.3.0
  • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Apple macOS 12.0
  • Qualys Security Configuration and Compliance Policy for Windows Server Certification Authority

New Vendor Policies

  • VMware vSphere Security Configuration Guide (SCG) for ESXi 6.5
  • VMware vSphere Security Configuration Guide (SCG) for ESXi 7.x

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, Ver 2 Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series L2S, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series RTR, V1R3

Deprecated Policies

The following policies are deprecated in this month’s package:

Applications:

  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R2

Network Devices:

  • Qualys Security Configuration and Compliance Policy for Cisco IOS 12.x, v1.0

Windows:

  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.4.0, [Scored and Not Scored, Level 1 – Domain Controller, Level 2 – Domain Controller]
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.4.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.2.0

Linux:

  • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.0.0
  • CIS Benchmark for IBM AIX 7.1, v1.1.0

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy update to add new control IDs (17159, 11328)
    • CIS Benchmark for Amazon Linux 2017, v2.1.0
    • CIS Benchmark for Debian Family Linux, v1.0.0
    • CIS Benchmark for Debian Linux 10, v1.0.0
    • CIS Benchmark for Fedora 28, v1.0.0
    • CIS Benchmark for SUSE Linux Enterprise 12.x, v3.0.0
    • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.0.0
    • CIS Benchmark for Ubuntu Linux 16.04 LTS, v2.0.0
    • CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.1.0
    • CIS Benchmark for Ubuntu Linux 18.04 LXD Container, v1.0.0
    • CIS Benchmark for Ubuntu Linux 18.04 LXD Host, v1.0.0
    • CIS Benchmark for Ubuntu Linux 20.04 LTS, v1.1.0
    • CIS Ubuntu Linux 20.04 LTS STIG, v1.0.0
    • Cybersecurity Maturity Model Certification (CMMC) v1.0 for Linux
    • PCI-DSS (Payment Card Industry Data Security Standard) v3.2.1 – Operating Systems
    • Security Configuration and Compliance Policy for CentOS Stream 8.x
    • Security Configuration and Compliance Policy for FreeBSD
    • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R4
    • MITRE ATT&CK Enterprise Framework v8 for Linux
    • Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7.x, v2.2
  • Policy re-release to update regex
    • CIS Benchmark for Ubuntu Linux 20.04 LTS STIG, v1.0.0
    • DISA Benchmark for Apache 2.4 Site V2R1

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for AlmaLinux OS 8 v1.0.0
  • CIS Benchmark for Amazon Linux 2 v2.0.0
  • DISA Security Technical Implementation Guide (STIG) for HP FlexFabric Switch-NDM, RTR and L2S
  • CIS Benchmark for Cisco Firewall 8.x v4.2.0
  • CIS Benchmark for PostgreSQL 13 v1.0.0
  • Qualys Security Configuration and Compliance Policy for AWS RDS – MariaDB
  • Qualys Security Configuration and Compliance Policy for AWS RDS – MySQL
  • Qualys Security Configuration and Compliance Policy for AWS RDS – PostgreSQL
  • Qualys Security Configuration and Compliance Policy for Azure Database for MariaDB
  • Qualys Security Configuration and Compliance Policy for Azure Database for MySQL
  • Qualys Security Configuration and Compliance Policy for Azure Microsoft SQL Server 2014
  • Qualys Security Configuration and Compliance Policy for EulerOS 2.x
  • Qualys Security Configuration and Compliance Policy for HP ILO 4 and 5
  • Qualys Security Configuration and Compliance Policy for IBM WebSphere Liberty 21
  • Qualys Security Configuration and Compliance Policy for MSFT Mariner
  • Qualys Security Configuration and Compliance Policy for WebLogic Server 14c
  • NSA, CISA based Kubernetes Hardening Guideline

If you have any questions, please contact your TAM or Technical Support.
