Policy Compliance Library Updates, November 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month; the second update follows by the end of the month and includes bug fixes and updated policies.

The November release includes three CIS Benchmark policies, nine DISA STIG policies, one new industry and best practice policy, and deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated. 

New CIS Benchmark Policies 

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community. 

This release contains the following new CIS Benchmark policies: 

  • CIS Benchmark for Azure Kubernetes Service (AKS), v1.2.0 
  • CIS Benchmark for RedHat OpenShift Container Platform, v1.2.0  
  • CIS Benchmark for Microsoft Windows 10 Stand-alone, v1.0.1 

New DISA STIG Policies 

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R4 
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R4 
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R6 
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R6 
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V2R1 
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V2R4 
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SharePoint 2013, V2R3 
  • DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R4 
  • DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 6.7 for Windows, V1R3 

New Industry and Best Practice Policies  

  • Security Configuration and Compliance Policy for Apple for macOS 13.0 Ventura 

Deprecated Policies 

This month’s package deprecates the following policies: 

Network Devices 

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R3 
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R3 
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V1R5 
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V2R2 

Applications 

  • DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 6.7 for Windows, V1R1 
  • CIS Benchmark for Azure Kubernetes Service (AKS), v1.1.0  
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R5 
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SharePoint 2013, V2R1 
  • DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R3 

Operating Systems  

  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R4 

Policy Updates 

  • Policy re-release to incorporate changes in CID:  
    • CIS Benchmark for Cisco IOS 15, V4.1.1
    • CIS Benchmark for Cisco IOS 16, v1.1.2
    • CIS Benchmark for Cisco IOS 17.x, v1.0.0 
    • Security Configuration and Compliance Policy for Cisco IOS XE 17.x
  • Policy re-release to update control configuration for controls (9724, 9725, 23814, 23815): 
    • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0 
  • Policy update to replace CID 7792 with CID 23246 and verify regex value: 
    • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0  
  • Policy update to replace CID 7326 with 10733: 
    • CIS Benchmark for CentOS Linux 7, v3.1.2 
  • Policy re-release to include additional controls (21451, 21452): 
    • CIS Benchmark for Amazon Linux 2, v2.0.0 
  • A policy title update for the following policies: 
    • DISA Apple macOS 12 (Monterey) Security Technical Implementation Guide Ver1 Rel 3      
    • DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 Ver 1 Rel 6      
    • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.15, Ver 1 Rel 9      
    • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, Ver 2 Rel 5      
    • DISA Security Technical Implementation Guide (STIG) for Apple macOS 10.14, Ver 2 Rel 5      
    • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, Ver 2 Rel 3
    • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide Ver 2 Rel 4      
    • DISA Security Technical Implementation Guide (STIG) for Oracle Database 11.2g, Ver 2 Rel 3      
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2013, Ver 1 Rel 6      
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2013, Ver 1 Rel 13      
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2013, Ver 2 Rel 1      
    • DISA Security Technical Implementation Guide (STIG) for Microsoft PowerPoint 2013, Ver 1 Rel 6 
  • Policy re-release to update the regex for 14507: 
    • CIS Benchmark for F5 Networks, v1.0.0 

Coming Next Month  

The following policies and updates are currently planned for release to the policy library next month: 

New Coverage: 

  • CIS Benchmark for Apache Tomcat 10 v1.0.0 
  • CIS Benchmark for Apple macOS 12.0 Monterey v1.1.0 
  • CIS Benchmark for Apple macOS 11.0 Big Sur v2.1.0 
  • CIS Benchmark for Apple macOS 10.15 Catalina v2.1.0 
  • CIS Benchmark for IBM AIX 7.1 v2.1.0 
  • CIS Benchmark for Fortigate v1.0.0 
  • CIS Benchmark for MongoDB 5 v1.1.0  
  • CIS Benchmark for Microsoft Edge v1.1.0 
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2 v2.4.0 
  • CIS Benchmark for Microsoft Windows Server 2008 (non-R2), v3.3.0 
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R4  
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V2R2  
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R3 
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V2R3  
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R2 
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 – Ver 1, Rel 1 
  • DISA Security Technical Implementation Guide (STIG) for MongoDB Enterprise Advanced 4.x – Ver 1, Rel 1 
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8 – Ver 1, Rel 8  
  • Qualys Security and Configuration policy for Rocky Linux 9 

If you have any questions, please contact your TAM or Technical Support.