Policy Compliance Library Updates, January 2023

Pronamika Abraham

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies. The second update, released by the end of the month, includes bug fixes and updated policies.

The January release includes six CIS Benchmark policies, two new vendor policies, and one industry and best practice policy. It also deprecates some of the existing policies. 

Qualys’ Certification Page at CIS has been updated. 

New CIS Benchmark Policies 

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community. 

This release contains the following new CIS Benchmark policies: 

  • CIS Benchmark for Apache Tomcat 9, v1.2.0 
  • CIS Benchmark for Apple macOS 12.0 Monterey v1.1.0 
  • CIS Benchmark for Debian Linux 11, v1.0.0 
  • CIS Benchmark for IBM AIX 7.2 Benchmark, v1.0.0 
  • CIS Benchmark for Microsoft Intune for Windows 10, v1.1.0 
  • CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0  

New Vendor Policies 

  • Microsoft Security Baseline for Windows 10 version 22H2 
  • Microsoft Security Baseline for Windows 11 version 22H2 

New Industry and Best Practice Policies 

  • Qualys Security Configuration and Compliance Policy for F5 BIG-IQ 

Deprecated Policies 

This month’s package deprecates the following policies: 

Operating Systems 

  • CIS Microsoft Intune for Windows 10 (Release 2004) Benchmark, v1.0.1  
  • Security Configuration and Compliance Policy for Debian Linux 11.x 
  • Security Configuration and Compliance Policy for Red Hat Enterprise Linux 9.x 

Applications 

  • CIS Benchmark for Apache Tomcat 9, v1.1.0 

Policy Updates 

  • Policy review and re-release for missing controls 
    • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1903), v1.7.1  
  • Policy re-release to add RHET 7 to control 25065
    • CIS Benchmark for IBM DB2 11.x, v1.0.0
  • Policy update
    • CIS Benchmark for Microsoft Windows 10 Stand-alone, v1.0.1 
  • Policy update for control configuration changes
    • CIS Benchmark for Alma Linux 8, v2.0.0 
  • Policy re-release 
    • CIS Benchmark for Microsoft Edge, v1.1.0 

Coming Next Month  

The following policies and updates are currently planned for release to the policy library next month: 

New Coverage

  • CIS Benchmark for Amazon Elastic Kubernetes Service (EKS) v1.2.0 
  • CIS Benchmark for Azure Compute Microsoft Windows Server 2019 v1.0.0  
  • CIS Benchmark for Microsoft IIS 10 v1.2.0  
  • CIS Benchmark for Microsoft Windows 11 Stand-alone v1.0.0 
  • CIS Benchmark for MongoDB 5 v1.1.0 
  • CIS Benchmark for NGINX v2.0.0 
  • CIS Benchmark for Oracle Database 19c v1.1.0 
  • CIS Benchmark for Red Hat OpenShift Container Platform v1.3.0 
  • CIS Benchmark for Rocky Linux 9 v1.0.0 
  • DISA Benchmark support for IBM WebSphere Liberty Server STIG – Ver 1 Rel 1  
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R9 
  • Microsoft Defender for Endpoint security baseline in Intune 
  • US Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1 and Level 2 – Applications 
  • Windows 10/11 MDM security baseline in Intune 
  • Qualys Security and Configuration policy for CloudLinux 6.x, 7.x, and 8.x 
  • Qualys Security and Configuration policy for Oracle Linux 9.x 

If you have any questions, please contact your TAM or Technical Support.  See all library updates.  
