Policy Compliance Library Updates, March 2023
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month, which includes bug fixes and updated policies.
The March release includes five CIS Benchmark policies, thirty-four DISA Security Technical Implementation Guide (STIG) policies, and one industry and best practice policy. It also deprecates some of the existing policies.
Qualys’ Certification Page at CIS has been updated.
New CIS Benchmark Policies
CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.
This release contains the following new CIS Benchmark policies:
- CIS Benchmark for Alma Linux 9, v1.0.0
- CIS Benchmark for Azure Compute Microsoft Windows Server 2022, v1.0.0
- CIS Benchmark for Kubernetes V1.24, v1.0.0
- CIS Benchmark for Oracle Linux 9, v1.0.0
- CIS Benchmark for RedHat OpenShift Container Platform, v1.3.0
New DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R4
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R3
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V2R3
- DISA Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server, V2R2
- DISA Security Technical Implementation Guide (STIG) for EDB Postgres Advanced Server v11 on Windows, V2R2
- DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R8
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Site, V2R7
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R7
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8
- DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V2R2
- DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R8
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2014 Instance, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R5
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V2R6
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R10
- DISA Security Technical Implementation Guide (STIG) for Red Hat JBoss Enterprise Application Platform (EAP) 6.3, V2R3
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R10
- DISA Security Technical Implementation Guide (STIG) for Solaris 10 X86, V2R4
- DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC, V2R4
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R7
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R7
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R9
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V1R9
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R10
New Industry and Best Practice Policies
- Security Configuration and Compliance Policy for Opengear 4.x
Deprecated Policies
This month’s package deprecates the following policies:
Applications
- CIS Benchmark for Kubernetes V1.23, v1.0.1
- CIS Benchmark for RedHat OpenShift Container Platform, v1.2.0
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R3
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R2
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V2R2
- DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R6
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Site, V2R6
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R4
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R6
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R6
- DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R6
- Security Configuration and Compliance Policy for JBoss WildFly/EAP
Operating Systems
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R4
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R8
- DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC, V2R2
- DISA Security Technical Implementation Guide (STIG) for Solaris 10 X86, V2R2
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R6
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R6
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R7
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V1R7
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R8
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R4
Database
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2014 Instance, V2R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V2R7
Network Devices
- DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V2R1
Updated Library Policies
The following policies have been updated in this month’s package:
- Policy re-release to include Not Scored Checks
- CIS Benchmark for Ubuntu Linux 14.04 LTS, v2.1.0
- Policy review and re-release for Ubuntu Linux 18.04 LXD Host
- CIS Benchmark for Ubuntu Linux 18.04 LXD Host
- Policy review and re-release for Oracle Solaris 11, v1.1.0
- CIS Benchmark for Oracle Solaris 11, v1.1.0
- Policy updates to add NL value Always for the Control 11196 in Windows 2016 Server
- Policy update to add regex for Control 9632 in CIS Ubuntu 20 v1.1.0
- CIS Benchmark for Ubuntu Linux 20.04 LTS, v1.1.0
- Policy updates to add regex for Controls 17154 and 17155 in CIS RHEL 8
- CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0
- Policy re-release to update regex for Control 22733 in Apple macOS 12 v1.1.0
- CIS Benchmark for Apple macOS 12.0 Monterey, v1.1.0
Coming Next Month
The following policies and updates are currently planned for release to the policy library next month:
New Coverage:
- CIS Benchmark for Apple macOS 12.0 Monterey, v2.0.0
- CIS Benchmark for Apple macOS 11.0 Big Sur, v3.0.0
- CIS Benchmark for Apple macOS 10.15 Catalina, v3.0.0
- CIS Benchmark for Docker, v1.5.0
- CIS Benchmark for Microsoft Intune for Windows 11, v1.0.0
- CIS Benchmark for Oracle Database 19c Multitenant, v1.1.0
- CIS Benchmark for Alibaba Cloud Linux 3, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R7
- DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9, V2R4
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for Windows, V2R1
- DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R5
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 11, V1R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R3
- Security Configuration & Compliance Policy for Virtuozzo Linux 6.x,7.x, and 8.x
- Security Configuration & Compliance Policy for F5 BIG IP 17.x
- Security Configuration & Compliance Policy for Checkpoint SP Gaia [OCA]
If you have any questions, please contact your TAM or Technical Support. See all library updates.