Policy Compliance Library Updates, March 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month. The second update follows by the end of the month and includes bug fixes and updated policies.

The March release includes seven CIS Benchmark policies, one industry and best practice policy, 11 DISA STIG policies, and one new vendor policy, and provides updates to some of the existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Apple Mac OS 10.14, v2.0.0
  • CIS Benchmark for Apple Mac OS 10.15, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2022, v1.0.0
  • CIS Benchmark for Microsoft Windows 11 Enterprise, v1.0.0
  • CIS Benchmark for NGINX v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 7 STIG, v2.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for EulerOS 2.x

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.15, V1R7
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Java Runtime Environment (JRE) version 8 STIG for Windows, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 11.2g, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R6
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R5
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 20.04 LTS, V1R3

New Vendor Policies

  • Microsoft Security Baseline for Microsoft Edge Version 96

Deprecated Policies

This month’s package deprecates the following policies:

Network Devices:

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R2

Applications:

  • Microsoft Security Baseline for Microsoft Edge Version 86
  • DISA Security Technical Implementation Guide (STIG) for Java Runtime Environment (JRE) version 8 STIG for Windows, V1R5

Linux:

  • CIS Benchmark for Red Hat Enterprise Linux 7 STIG, v1.0.0 [Scored and Not Scored, Level 1, Level 2 and Level 3 – STIG]
  • CIS Benchmark for Red Hat Enterprise Linux 7 STIG, v1.0.0 [Scored and Not Scored, Level 1]
  • CIS Benchmark for Red Hat Enterprise Linux 7 STIG, v1.0.0 [Scored and Not Scored, Level 2]
  • CIS Benchmark for Red Hat Enterprise Linux 7 STIG, v1.0.0 [Scored and Not Scored, Level 3 – STIG]
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R4
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 20.04 LTS, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R4
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R4

Databases:

  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 11.2g, V1R19
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V1R18

Apple:

  • CIS Benchmark for Apple Mac OS 10.14, v1.1.0 [Automated and Manual, Level 1 and Level 2]
  • CIS Benchmark for Apple Mac OS 10.14, v1.1.0 [Automated and Manual, Level 1]
  • CIS Benchmark for Apple Mac OS 10.15, v1.1.0 [Automated and Manual, Level 1 and Level 2]
  • CIS Benchmark for Apple Mac OS 10.15, v1.1.0 [Automated and Manual, Level 1]
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.14, Ver 2 Rel 4
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.15, Ver 1 Rel 5
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 Ver 1 Rel 3

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy re-release to add new technology support for FortiOS 7:
    • Qualys Security Configuration and Compliance Policy for Fortinet Firewall
  • Policy re-release for CID and NL value update:
    • CIS Benchmark for Cisco IOS 15, V4.1.0 
    • CIS Benchmark for Cisco IOS 16, v1.1.0
  • Policy re-release to update the CIS references:
    • CIS Benchmark for MongoDB 4, v1.0.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Microsoft Windows 10 Enterprise Release 21H2 v1.12.0
  • DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 Ver 2 Rel 4
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for Windows, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V1R4
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 6 – V2R6
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 7 – V2R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R6
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vcenter 6.5 v2r2
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vcenter 6.7 v1r1
  • Qualys Security Configuration Policy for AWS RDS – Amazon Aurora (MySQL)
  • Qualys Security Configuration Policy for AWS RDS – Amazon Aurora (PostgreSQL)
  • Qualys Security Configuration Policy for Azure Database for MariaDB
  • Qualys Security Configuration Policy for Azure Database for MySQL
  • Qualys Security Configuration and Compliance Policy for Debian Linux 11.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.
