Policy Compliance Library Updates, February 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month. The second update, released by the end of the month, includes bug fixes and updated policies.

The February release includes eight CIS Benchmark policies, eight industry and best practice policies, 22 DISA STIG policies, one vendor policy, and updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Amazon Elastic Kubernetes Service (EKS) v1.0.1
  • CIS Benchmark for Amazon Linux 2 STIG v2.0.0
  • CIS Benchmark for Apple macOS 11.0 Big Sur v2.0.0
  • CIS Benchmark for Apple macOS 12.0 Monterey v1.0.0
  • CIS Benchmark for Cisco Firewall 8.x v4.2.0
  • CIS Benchmark for F5 v1.0.0
  • CIS Benchmark for Google Chrome v2.1.0
  • CIS Benchmark for Kubernetes V1.20, v1.0.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for AWS RDS – MariaDB
  • Qualys Security Configuration and Compliance Policy for AWS RDS – MySQL
  • Qualys Security Configuration and Compliance Policy for AWS RDS – Oracle Database
  • Qualys Security Configuration and Compliance Policy for AWS RDS – PostgreSQL
  • Qualys Security Configuration and Compliance Policy for AWS RDS – SQL Server
  • Qualys Security Configuration and Compliance Policy for IBM WebSphere Liberty 21
  • Qualys Security Configuration and Compliance Policy for MSFT Mariner
  • Qualys Security Configuration and Compliance Policy for Rocky Linux 8.x

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Citrix XenDesktop 7.x Delivery Controller, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2012 Database, V1R20
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2012 Instance, V1R20
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2014 Instance, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 16, V2R3
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 6.5
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 6.7
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2), V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019, V2R3
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R5
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R5
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R3
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Site, V2R5

New Vendor Policies

  • Microsoft Security Baseline for Windows 10, version 21H2

Updated Library Policies

The following policies are updated in this month’s package:

  • Policy re-release to incorporate NL value update:
    • CIS Benchmark for Microsoft IIS 7.0, v1.8.0, French
    • CIS Benchmark for Microsoft IIS 7.5, v1.8.0, French
    • CIS Benchmark for Microsoft IIS 8.0, v1.5.0, French
    • CIS Benchmark for Microsoft IIS 8.5, v1.5.0, French
    • CIS Benchmark for Microsoft IIS 7.0, v1.8.0, Spanish
    • CIS Benchmark for Microsoft IIS 7.5, v1.8.0, Spanish
    • CIS Benchmark for Microsoft IIS 8.0, v1.5.0, Spanish
    • CIS Benchmark for Microsoft IIS 8.5, v1.5.0, Spanish
  • Policy re-release to correct inaccuracies:
    • CIS Benchmark for Microsoft Windows 2016 RTM (Release 1607), v1.3.0
  • Policy update to change the ‘setting not found’ parameter to be a ‘Pass’ condition:
    • CIS Benchmark for RHEL 7 STIG v1.0.0
  • Policy update to remove the controls for /var/log/faillog and add the controls for /var/run/faillock:
    • CIS Benchmark for Oracle Linux 7 v3.1.1
    • CIS Benchmark for CentOS Linux 7, v3.1.1
    • CIS Benchmark for Red Hat Enterprise Linux 7, v3.1.1
  • Policy re-release to update control configuration for CID 10480:
    • CIS Benchmark for Amazon Linux 2016, v2.0.0
    • CIS Benchmark for Debian Linux 7, v1.0.0
    • CIS Benchmark for SUSE Linux Enterprise 11.x, v2.1.0
    • CIS Benchmark for Ubuntu 12.04 LTS Server, v1.1.0
    • Qualys Security Configuration and Compliance Policy for Amazon Linux 2017
    • Qualys Security Configuration and Compliance Policy for Amazon Linux 2018

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:
  • CIS Benchmark for Amazon Linux 2 STIG v2.0.0
  • CIS Benchmark for Apple macOS 10.14 v2.0.0
  • CIS Benchmark for Apple macOS 10.15 v2.0.0
  • CIS Benchmark for NGINX v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 8 STIG v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 7 STIG v2.0.0
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.14, Ver 2 Rel 5
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.15, Ver 1 Rel 7
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 Ver 1 Rel 5
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Java Runtime Environment (JRE) version 8 STIG for Windows, V1R5
  • DISA Security Technical Implementation Guide (STIG) for Oracle 11.2g Database – Ver 2, Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c – Ver 2, Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R6
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R5
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R6
  • Microsoft Security Baseline for Microsoft Edge v96
  • Qualys Security Configuration and Compliance Policy for AWS RDS – Amazon Aurora (MySQL)
  • Qualys Security Configuration and Compliance Policy for AWS RDS – Amazon Aurora (PostgreSQL)
  • Qualys Security Configuration and Compliance Policy for EulerOS 2.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.
