Policy Compliance Library Updates, December 2022

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month; the second update follows by the end of the month and includes bug fixes and updated policies.

The December release includes 12 CIS Benchmark policies, nine DISA STIG policies, and seven new industry and best practice policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Apache Tomcat 10 v1.0.0
  • CIS Benchmark for Apple macOS 10.15 Catalina v2.1.0
  • CIS Benchmark for Apple macOS 11.0 Big Sur v2.1.0
  • CIS Benchmark for Apple macOS 12.0 Monterey v1.1.0
  • CIS Benchmark for Apple macOS 13.0 Ventura v1.0.0
  • CIS Benchmark for Google Kubernetes Engine (GKE), v1.3.0
  • CIS Benchmark for Fortigate v1.0.0
  • CIS Benchmark for IBM AIX 7.1 v2.1.0
  • CIS Benchmark for IBM DB2 11 v1.0.0
  • CIS Benchmark for Microsoft Edge v1.1.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2 v2.4.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2 v3.3.0

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM and RTR, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Cisco XE Switch NDM, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 – Ver 1, Rel 1
  • DISA Security Technical Implementation Guide (STIG) for MongoDB Enterprise Advanced 4.x, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 8

New Industry and Best Practice Policies

  • Security Configuration and Compliance Policy for Apache Cassandra 4.x
  • Security Configuration and Compliance Policy for Apache Hadoop 3.x
  • Security Configuration and Compliance Policy for Microsoft Office 2021
  • Security Configuration and Compliance Policy for Microsoft Office Excel 2021
  • Security Configuration and Compliance Policy for Microsoft Office Outlook 2021
  • Security Configuration and Compliance Policy for Microsoft Office Word 2021
  • Security Configuration and Compliance Policy for Rocky Linux 9

Policy Updates

  • Policy re-release to include “Not Scored” checks:
    • Suse 11 v2.1.0
      • CIS Benchmark for SUSE Linux Enterprise 11.x, v2.1.0
    • Ubuntu 14 v2.1.0
      • CIS Benchmark for Ubuntu Linux 14.04 LTS, v2.1.0
    • Amazon Linux AMI
      • CIS Benchmark for Amazon Linux 2016, v2.0.0
    • Debian 9
      • CIS Benchmark for Debian Linux 9, v1.0.0
  • Policy review and re-release:
    • CIS Benchmark for Debian Linux 9, v1.0.0
    • CIS Benchmark for Debian Family Linux, v1.0.0
    • CIS Benchmark for Oracle Solaris 10, v5.2.0
    • CIS Benchmark for Oracle Solaris 11, v1.1.0
    • CIS Benchmark for Ubuntu Linux 18.04 LXD Host
  • Policy re-release to add new signature:
    • CIS Benchmark for Apple macOS 10.15 Catalina v2.1.0
    • CIS Benchmark for Apple macOS 11.0 Big Sur v2.1.0
    • CIS Benchmark for Apple macOS 12.0 Monterey v1.1.0
  • Policy re-release to review inactive controls:
    • CIS Benchmark for Apple Mac OS 10.14, v2.0.0
  • Policy re-release to update regex for CID 5241:
    • DISA Security Implementation Guide (STIG) for Windows Server 2019 MS, V2R3

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Azure Compute Microsoft Windows Server 2019 v1.0.0
  • CIS Benchmark for Debian Linux 11 v1.0.0
  • CIS Benchmark for IBM AIX 7.2 v1.0.0
  • CIS Benchmark for Kubernetes 1.24 v1.0.0
  • CIS Benchmark for Microsoft Intune for Windows 10 v1.1.0
  • CIS Benchmark for Microsoft Office Enterprise v1.0.0
  • CIS Benchmark for MongoDB 5 v1.1.0
  • CIS Benchmark for RedHat Enterprise Linux 9 v1.0.0
  • CIS Benchmark for Tomcat 9 v1.2.0
  • DISA Security Technical Implementation Guide (STIG) for
  • Security and Configuration Policy for Alpine Linux 3.x
  • Security Configuration and Compliance Policy for Extreme Networks VOSS 9.x and 10.x
  • Security Configuration and Compliance Policy for Microsoft Access 2021
  • Security Configuration and Compliance Policy for TeraData

If you have any questions, please contact your TAM or Technical Support. See all library updates.