Policy Compliance Library Updates, July 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies; the second update, released by the end of the month, contains bug fixes and updated policies.

The July release includes 11 CIS Benchmark policies, two industry and best practice policies, and three mandate-based reporting templates, and provides updates to some of the existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Google Kubernetes Engine (GKE) v1.2.0
  • CIS Benchmark for Kubernetes V1.23 v1.0.1
  • CIS Microsoft Intune for Windows 10 (Release 2004) Benchmark v1.0.1
  • CIS Benchmark for Microsoft Windows Server 2019 STIG v1.1.0
  • CIS Benchmark for Microsoft Windows 2016 v1.4.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 20H2 or older) v1.10.1
  • CIS Benchmark for Oracle Linux 8 v2.0.0
  • CIS Benchmark for Palo Alto Firewall 9 v1.0.1
  • CIS Benchmark for SUSE Linux Enterprise 12.x v3.1.0
  • CIS Benchmark for SUSE Linux Enterprise 15.x v1.1.1
  • CIS Benchmark for VMware ESXi 6.7 v1.2.0

New Industry and Best Practice Policies

  • Security Configuration and Compliance Policy for Tomcat 10.x
  • Compensatory Controls for 2021 Top Routinely Exploited Vulnerabilities

Deprecated Policies

This month’s package deprecates the following policies:

Operating Systems:

  • CIS Benchmark for SUSE Linux Enterprise 12.x, v3.0.0
  • CIS Benchmark for Oracle Linux 8, v1.0.1
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 20H2 or older), v1.10.0
  • CIS Microsoft Intune for Windows 10 (Release 2004) Benchmark, v1.0.0
  • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.0
  • CIS Benchmark for Microsoft Windows 2019 STIG Benchmark, v1.0.1
  • CIS Benchmark for Microsoft Windows 2016 RTM (Release 1607), v1.3.0

Network Devices:

  • CIS Benchmark for Palo Alto Firewall 9, v1.0.0
  • Security Configuration and Compliance Policy for Palo Alto Firewall 10

Applications:

  • CIS Benchmark for Kubernetes V1.23, v1.0.0
  • CIS Benchmark for VMware ESXi 6.7, v1.1.0

Apple:

  • Security Configuration and Compliance Policy for Apple macOS 11.0

New Mandate Support

This release adds the following new templates for mandate-based reporting:

  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
  • Qatar 2022 Cybersecurity Framework, version 1.0
  • National Information Assurance Policy, v2.0

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy update and rename to add support for WebLogic Server 14
    • Security Configuration and Compliance Policy for Oracle WebLogic Server
  • Policy re-release for changes in CID 13907:
    • CIS Benchmark for Palo Alto Firewall 10, v1.0.0
  • Policy re-release for configuration changes in CIDs 21410 and 13896:
    • CIS Benchmark for Apple Mac OS X 10.8, v1.1.0
  • Policy re-release for configuration changes in CIDs 21410 and 13896:
    • CIS Benchmark for Apple Mac OS 12.0 Monterey v1.0.0
  • Policy update to replace CIDs 9560 and 9561 with CIDs 24147 and 24148 respectively:
    • CIS Benchmark for Apache Tomcat 7, v1.1.0
  • Policy re-release to replace CID 8898 with CID 19836:
    • CIS Apple macOS 11.0 Big Sur Benchmark v2.0.0
    • CIS Benchmark for Apple Mac OS 12.0 Monterey v1.0.0
  • Policy re-release to accommodate several changes in Control IDs:
    • CIS Benchmark for Cisco IOS 17.x, v1.0.0
  • Policy update to add additional controls:
    • CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0
  • Policy re-release to update control evaluation for CID 14211:
    • Cybersecurity Maturity Model Certification (CMMC) v1.0 for Database
    • CIS Benchmark for PostgreSQL 9.5, v1.1.0
    • CIS Benchmark for PostgreSQL 9.6, v1.0.0
    • CIS Benchmark for PostgreSQL 10, v1.0.0
    • CIS Benchmark for PostgreSQL 11, v1.0.0
    • CIS Benchmark for PostgreSQL 12, v1.0.0
    • CIS Benchmark for PostgreSQL 13, v1.0.0
    • CIS Benchmark for PostgreSQL 14, v1.0.0
    • CRI Cyber Profile for Database, v1.1
    • PCI-DSS (Payment Card Industry Data Security Standard) v3.2.1 – Database
    • NIST 800-53 Rev 4 for Database
    • NIST 800-53 Rev 5 for Database
    • Security Configuration and Compliance Policy for Pivotal Greenplum 5.x
    • Security Configuration and Compliance Policy for Pivotal Greenplum 6.x

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Cisco IOS 16 v1.1.2
  • CIS Benchmark for Fedora 28 Family Linux v2.0.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway v1.1.0
  • CIS Benchmark for Microsoft Windows Server 2016 STIG v1.2.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.6.0
  • CIS Benchmark for Oracle MySQL Enterprise Edition 8.0 Benchmark v1.2.0
  • CIS Benchmark for RedHat OpenShift Container Platform v4
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC STIG – Ver 2, Rel 2
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 x86 STIG – Ver 2, Rel 2
  • Security Configuration and Compliance Policy for RHEL 9
  • Security Configuration and Compliance Policy for Ubuntu 22

If you have any questions, please contact your TAM or Technical Support. See all library updates.