Policy Compliance Library Updates, February 2023
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by end of the month that includes bug fixes and updated policies.
The February release includes ten CIS Benchmark policies, seven DISA Security Technical Implementation Guide (STIG) policies, five vendor policies, ten mandate-based policies, and four industry and best practice policies. It also deprecates some of the existing policies.
Qualys’ Certification Page at CIS has been updated.
New CIS Benchmark Policies
CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.
This release contains the following new CIS Benchmark policies:
- CIS Benchmark for Amazon Elastic Kubernetes Service (EKS), v1.2.0
- CIS Benchmark for Azure Compute Microsoft Windows Server 2019, v1.0.0
- CIS Benchmark for Microsoft IIS 10, v1.2.0
- CIS Benchmark for Microsoft Office Enterprise, v1.0.0
- CIS Benchmark for Microsoft Windows 11 Stand-alone, v1.0.0
- CIS Benchmark for MongoDB 5, v1.1.0
- CIS Benchmark for NGINX, v2.0.0
- CIS Benchmark for Oracle Database 19c on Linux host, v1.1.0
- CIS Benchmark for Oracle Database 19c on Windows host, v1.1.0
- CIS Benchmark for Rocky Linux 9, v1.0.0
New DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R6
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R3
- DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Liberty Server, V1R2
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V2R3
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V2R3
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V2R2
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R9
New Vendor Policies
- Microsoft MDM Security Baseline for Defender Advanced Threat Protection for Windows 10
- Microsoft MDM Security Baseline for Defender Advanced Threat Protection for Windows 11
- Microsoft MDM Security Baseline for Windows 10
- Microsoft MDM Security Baseline for Windows 11
- Microsoft Security Baseline for Windows 10 version 22H2
Mandate-based Policies
This release contains the following new Mandate template support under mandate-based reporting:
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Applications
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Applications
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Database
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Database
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Linux
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Linux
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Network Devices
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Network Devices
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Windows
- US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Windows
New Industry and Best Practice Policies
- Security Configuration and Compliance Policy for CloudLinux 6.x
- Security Configuration and Compliance Policy for CloudLinux 7.x
- Security Configuration and Compliance Policy for CloudLinux 8.x
- Best Practice Controls for Malware/Ransomware Prevention
Deprecated Policies
This month’s package deprecates the following policies:
Operating Systems
- Security Configuration and Compliance Policy for Rocky Linux 9.x
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R8
Database
- CIS Benchmark for Oracle Database 19c on Linux host, v1.0.0
- CIS Benchmark for Oracle Database 19c on Windows host, v1.0.0
Network Devices
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R5
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R2
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V2R2
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V2R2
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V2R1
Applications
- CIS Benchmark for Amazon Elastic Kubernetes Service (EKS), v1.1.0
- CIS Benchmark for Microsoft IIS 10, v1.1.1
- CIS Benchmark for NGINX v1.0.0
- Security Configuration and Compliance Policy for IBM WebSphere Liberty
Additional
- DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V2R13
- Security Configuration and Compliance Policy for Arista 4.x
- Security Configuration and Compliance Policy for Microsoft SharePoint 2013
- Security and Compliance Policy for Oracle WebLogic Server 11g and 12c
Updated Library Policies
The following policies have been updated in this month’s package:
- Policy re-release for control validation
- CIS Benchmark for Oracle Solaris 11, v1.1.0
- Policy re-release to remove control CID 7446 from Level 1 policy
- CIS Benchmark for Amazon Linux 2 v2.0.0
- Policy updates to remove control 9683 from all macOS policies
- CIS Benchmark for macOS, v10.15
- CIS Benchmark for macOS, v11
- CIS Benchmark for macOS, v12
- CIS Benchmark for macOS, v13
- CIS Benchmark for macOS, v13
- Policy updates to replace CID 15975 with 1071 in CIS AIX policies
- CIS Benchmark for IBM AIX 7.1 v2.1.0
- Policy updates to add PostgreSQL 13.x and PostgreSQL 14.x in PCI DSS policy for PostgreSQL
- PCI DSS policy for PostgreSQL 13.x and PostgreSQL 14.x
- Policy updates to add Control 22733 regex update to CIS macOS 12 v1.1.0 policy
- CIS Benchmark for Apple macOS 12.0 Monterey, v1.1.0
- Policy re-release to add missing CIS_BENCHMARK_ID tag in XML
- CIS Benchmark for AIX 7.1, v2.1.0
- Policy updates to add Liberty 19, 21, and 22 to CIS IBM WebSphere Liberty v1.0.0
- CIS Benchmark for IBM WebSphere Liberty, v1.0.0
- Policy updates to add Configuration Profile changes to CIS macOS 13 v1.0.0
- CIS Benchmark for Apple macOS 13.0 Ventura, v1.0.0
Coming Next Month
The following policies and updates are currently planned for release to the policy library next month:
New Coverage:
- CIS Benchmark for Kubernetes 1.24, v1.0.0
- CIS Benchmark for AlmaLinux OS 9, v1.0.0
- CIS Benchmark for Oracle Linux 9.x, v1.0.0
- CIS Benchmark for Red Hat OpenShift Container Platform, v1.3.0
- CIS Benchmark for Docker, v1.5.0
- CIS Benchmark for Oracle Database 19c Multitenant, v1.1.0
- CIS Benchmark for Azure Compute Microsoft Windows Server 2022, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Red Hat JBoss Enterprise Application Platform (EAP) 6.3, V2R3
- DISA Security Technical Implementation Guide (STIG) for Oracle MySQL 8.0, V1R3
- DISA Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server, V2R2
- DISA Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server for Windows, V2R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R2
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R10
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2014 Instance, V2R3
- DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R8
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R5
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V1R9
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Site, V2R7
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R7
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V2R6
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R9
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R10
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R10
- DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V2R2
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R7
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 x86, V2R7