Policy Compliance Library Updates, April 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month; the second update follows by the end of the month and includes bug fixes and updated policies.

The April release includes two CIS Benchmark policies, three industry and best practice policies, and 19 DISA STIG policies, and provides updates to some of the existing policies in the Qualys Content Library. This month’s package also deprecates some of the existing policies for network devices and applications.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Microsoft Windows 10 Enterprise Release 21H2 v1.12.0
  • CIS Benchmark for Docker Benchmark, v1.4.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Debian Linux 11
  • Qualys Security Configuration and Compliance Policy for AWS RDS – Amazon Aurora (MySQL)
  • Qualys Security Configuration and Compliance Policy for AWS RDS – Amazon Aurora (PostgreSQL)

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 V2R4
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for Windows, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R5
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Internet Explorer 11, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Defender Antivirus, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 6, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 7, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R6

Deprecated Policies

This month’s package deprecates the following policies:

Network Devices:

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V1R4

Applications:

  • DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R2
  • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide Ver 2 Rel 2
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for Windows, V1R3
  • CIS Benchmark for Docker Benchmark, v1.3.1 [Automated and Manual, Level 1 – Docker – Linux, Level 2 – Docker – Linux, Level 1 – Linux Host OS and Level 2 – Linux Host OS]
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Internet Explorer 11, V1R19
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016, V2R1

Linux:

  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 6, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R4
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R3

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy re-release to add new technology support for JunOS 21:
    • CIS Benchmark for JunOS
  • Policy review and re-release:
    • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, Ver 2 Rel 3
  • Policy re-release to update regex for CID 10832:
    • CIS Benchmark for Apache HTTP Server 2.2 v3.2.0
  • Policy re-release to accommodate several changes in Control IDs:
    • CIS Benchmark for RHEL 7 v3.1.1

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Cisco ACS
  • CIS Controls Commonly Exploited Protocols: Windows Management Instrumentation (WMI)
  • CIS Controls v8 Exploited Protocols Guide-SMB v21.10.Online
  • CIS Benchmark for Azure Kubernetes Service (AKS)
  • CIS Benchmark for Kubernetes V1.23, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway v1.0.0
  • CIS Benchmark for Palo Alto Firewall 10 v1.0.0
  • CIS Benchmark for PostgreSQL 14 v1.0.0
  • CIS Benchmark for SUSE Linux Enterprise 12 v3.1.0
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 12, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL STIG – V1R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Privileged Access Workstation (PAW) STIG – V2R1
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise Server (SLES) 15 – V1R5
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vcenter 6.5 – V2R2
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vcenter 6.7 – V1R1
  • DISA Security Technical Implementation Guide (STIG) for VMware ESXi 5.0, V2R1
  • Qualys Security Configuration and Compliance Policy for Azure Database for MySQL
  • Qualys Security Configuration and Compliance Policy for Azure Database for MariaDB
  • Qualys Security Configuration and Compliance Policy for Generic Linux

If you have any questions, please contact your TAM or Technical Support. See all library updates.
