Policy Compliance Library Updates, August 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month. The second update follows by the end of the month and includes bug fixes and updated policies.

The August release includes six CIS Benchmark policies, six industry and best practice policies, and four DISA STIG policies, and provides updates to some of the existing policies in the Qualys Content Library. This month’s package also deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Cisco IOS 16, v1.1.2
  • CIS Benchmark for Red Hat Fedora 28, v2.0.0
  • CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.2.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway, v1.1.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.6.0
  • CIS Benchmark for Microsoft Windows Server 2016 STIG, v1.2.0

New Industry and Best Practice Policies

  • Security Configuration and Compliance Policy for RHEL 9.x
  • Security Configuration and Compliance Policy for Ubuntu Linux 22.x
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-53 R5 High
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-53 R5 Low
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-53 R5 Moderate
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-171

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL, V2R1
  • DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10, V2R2
  • DISA Security Technical Implementation Guide (STIG) for MongoDB Enterprise Advanced 3.x, V2R1

Deprecated Policies

This month’s package deprecates the following policies:

Operating Systems:

  • CIS Benchmark for Fedora 28, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway, v1.0.0
  • CIS Microsoft Windows Server 2016 STIG Benchmark, v1.1.0
  • CIS Microsoft Windows Server 2012 R2, v2.5.0

Network Devices:

  • CIS Benchmark for Cisco IOS 16, v1.1.0

Databases:

  • CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for MongoDB Enterprise Advanced 3.x, V1R2
  • DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL, V1R1

Updated Library Policies

The following policies have been updated in this month’s package:

  • Policy re-release to change the format of the control reference numbers:
    • CIS Benchmark for Oracle Solaris 10, v5.2.0
  • Policy re-release to correct the reference numbers for controls as per the benchmark:
    • CIS Benchmark for Red Hat Enterprise Linux 7, v3.1.1
  • Policy re-release to replace CID 8916 with CID 24112:
    • CIS Benchmark for Apple Mac OS 12.0 Monterey, v1.0.0
  • Policy re-release to update cardinality of CID 9771:
    • CIS Benchmark for Apple macOS 11.0 Big Sur, v2.0.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Cisco IOS 15 v4.1.1
  • CIS Benchmark for Microsoft Windows Server 2008 R2 v3.3.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2 v2.4.0
  • CIS Benchmark for MongoDB 5 v1.1.0
  • CIS Benchmark for RedHat OpenShift Container Platform v4 
  • CIS Benchmark for RedHat Openshift Container Platform V1.2.0
  • CIS Benchmark for Cisco IOS 15.x v4.1.1
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey) – V1R3
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 (Big Sur), V1R6
  • DISA Security Technical Implementation Guide (STIG) for Apple OS X 10.15, V1R9
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 18.04 LTS – V2R8
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS – V1R5
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x – V2R6
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes – V1R6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 10 – V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11 – V1R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 and 2012 R2 DC – V3R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 – V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 – V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database – V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance V2R7
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox – V6R1
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c – V2R5
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 7 – V2R8
  • DISA Security Technical Implementation Guide (STIG) for Oracle Linux 8 – V1R3
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8 – V1R7
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7 – V3R8
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC – V2R2
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise Server 12 – V2R7
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise Server 15 – V1R7

If you have any questions, please contact your TAM or Technical Support. See all library updates.
