Policy Compliance Library Updates, October 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month, which includes bug fixes and updated policies. The October release includes four CIS Benchmark policies and 20 DISA STIG policies, and deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Aliyun Linux 2 v1.0.0
  • CIS Benchmark for Alma Linux 8, v2.0.0
  • CIS IBM WebSphere Liberty Benchmark v1.0.0
  • CIS Benchmark for Ubuntu Linux 22.04 LTS, v1.0.0

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.15, Ver 1 Rel 9
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 Ver 1 Rel 6
  • DISA Apple macOS 12 (Monterey) Security Technical Implementation Guide Ver1 Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), Ver 1 Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows 11, V1R1
  • DISA Security Technical Implementation Guide (STIG) for DISA Microsoft Windows 2012 DC, V3R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R3
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V2R1

Deprecated Policies

This month’s package deprecates the following policies:

Operating System:

  • CIS Benchmark for Alma Linux 8, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.15, Ver 1 Rel 7
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 Ver 1 Rel 5
  • DISA Apple macOS 12 (Monterey) Security Technical Implementation Guide V1R1
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) DC, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 DC, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 DC, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 MS, V2R3

Applications:

  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V5R2
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Internet Explorer 11, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016, V2R2

Network Devices:

  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V1R4

Policy Updates

  • Policy re-release for technology support on both Scanner and OCA
    • Security Configuration and Compliance Policy for ArubaOS 6.x
    • Security Configuration and Compliance Policy for ArubaOS 8.x
    • Security Configuration and Compliance Policy for Cisco WLC 8.x
    • Security Configuration and Compliance Policy for Comware 5
    • Security Configuration and Compliance Policy for Comware 7
    • Security Configuration and Compliance Policy for Riverbed SteelHead RiOS 9.x
  • Policy update for ‘Setting not found’ for CID 9380 and to add missing controls:
    • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0
  • Policy update to add CID 11135 in CIS PostgreSQL 10 v1.0.0 policy:
    • CIS Benchmark for PostgreSQL 10, v1.0.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Azure Kubernetes v1.2.0
  • CIS Benchmark for RedHat OpenShift Container Platform v4
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2 v2.4.0
  • CIS Benchmark Microsoft Windows 10 Stand-alone v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox for Windows Benchmark, Ver 1 Rel 1
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, Ver 2, Rel 6
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, Ver 2, Rel 6
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Defender Antivirus, Ver 2, Rel 4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SharePoint 2013, Ver 2 Rel 3
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 6.7 (ESXi – V1R2, Virtual Machine – V1R2, vCenter – V1R2)
  • Qualys Security and Configuration policy for macOS 13 Ventura 6

Policies to be Deprecated:

Operating System:

  • Security Configuration and Compliance Policy for Ubuntu Linux 22.x

Databases:

  • CIS Benchmark for PostgreSQL 10, v1.0.0

If you have any questions, please contact your TAM or Technical Support.