Policy Compliance Library Updates, May 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month; the second update follows by the end of the month and includes bug fixes and updated policies.

The May release includes seven CIS Benchmark policies, four industry and best practice policies, and seven DISA STIG policies, and it updates some of the existing policies in the Qualys Content Library. This month’s package also deprecates some of the existing policies for network devices and applications.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Azure Kubernetes Service (AKS), v1.1.0
  • CIS Benchmark for Kubernetes V1.23, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway, v1.0.0
  • CIS Benchmark for Palo Alto Firewall 10, v1.0.0
  • CIS Benchmark for PostgreSQL 14, v1.0.0
  • CIS Guideline for Exploited Protocols: Server Message Block (SMB)
  • CIS Guideline for Exploited Protocols: Windows Management Instrumentation (WMI)

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Cisco ACS
  • Qualys Security Configuration and Compliance Policy for Generic Linux
  • Qualys Security Configuration and Compliance Policy for Azure Database for MariaDB
  • Security Configuration and Compliance Policy for IBM Websphere MQ (Windows)

New DISA STIG Policies

  • DISA Security Technical Implementation Guide for Apple macOS 12 (Monterey) V1R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL – V1R1
  • DISA Security Technical Implementation Guide (STIG) for Linux Enterprise Server (SLES) 15 – V1R5
  • DISA Security Technical Implementation Guide (STIG) for VMware ESXi 5.0, V2R1
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 6.5 for Windows, V2R2
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 6.7 for Windows, V1R1

Deprecated Policies

This month’s package deprecates the following policies:

Network Devices

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V1R4

Applications

  • CIS Benchmark for Kubernetes V1.20, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for VMware ESXi 5.0, V1R10

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy update to add additional controls  
    • DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 V1R1
    • CIS Benchmark for Red Hat Enterprise Linux 7 STIG, v2.0.0
    • CIS Benchmark for Red Hat 8, v1.0.1
    • CIS Benchmark for Oracle Linux 6, v2.0.0
    • CIS Benchmark for Microsoft Windows 10 Enterprise, v1.12.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CentOS Linux 8 Benchmark v2.0.0
  • CIS Benchmark for Cisco IOS 17.x v1.0.0
  • CIS Benchmark for Google Kubernetes Engine (GKE)
  • CIS Benchmark for Microsoft Windows Server 2019 STIG v1.1.0
  • CIS Benchmark for Microsoft Windows Server 2019 v1.3.0
  • CIS Benchmark for Oracle MySQL Community Server 5.7 v2.0.0
  • CIS Benchmark for Oracle MySQL Enterprise Edition 5.7 v2.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 8 v2.0.0
  • CIS Benchmark for Rocky Linux 8 v1.0.0
  • CIS Benchmark for SUSE Linux Enterprise 12 v3.1.0
  • DISA Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server V2R1
  • DISA Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server v11 for Windows V2R1
  • DISA Security Technical Implementation Guide (STIG) for Red Hat JBoss Enterprise Application Platform (EAP) 6.3 V2R3
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 x86 V2R2
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC V2R2
  • Qualys Security Configuration and Compliance Policy for Azure Database for MySQL
  • Qualys Security Configuration and Compliance Policy for WebLogic Server 14c

If you have any questions, please contact your TAM or Technical Support.
