Policy Compliance Library Updates, April 2023
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month, which includes bug fixes and updated policies.
The April release includes eight CIS Benchmark policies, nine DISA Security Technical Implementation Guide (STIG) policies, five Industry and Best Practice policies, and four Mandate-based policies. It also deprecates some of the existing policies.
Qualys’ Certification Page at CIS has been updated.
New CIS Benchmark Policies
CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.
This release contains the following new CIS Benchmark policies:
- CIS Benchmark for Alibaba Cloud Linux 3, v1.0.0
- CIS Benchmark for Apple macOS 12.0 Monterey, v2.0.0
- CIS Benchmark for Apple macOS 11.0 Big Sur, v3.0.0
- CIS Benchmark for Apple macOS 10.15, v3.0.0
- CIS Benchmark for Docker, v1.5.0
- CIS Benchmark for F5 Networks, v1.0.0
- CIS Benchmark for Microsoft Intune for Windows 11, v1.0.0
- CIS Benchmark for Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), v1.2.0
New DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R2
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R5
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 11 (Big Sur), V1R7
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R7
- DISA Security Technical Implementation Guide (STIG) for Internet Explorer 11, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5
New Industry and Best Practice Policies
- Security Configuration and Compliance Policy for Checkpoint Gaia SP (OCA)
- Security Configuration and Compliance Policy for Cisco FTD 7.x
- Security Configuration and Compliance Policy for Huawei VRP OS 5.x
- Security Configuration and Compliance Policy for Virtuozzo Linux 7.x
- Security Configuration and Compliance Policy for Virtuozzo Linux 8.x
Mandate-based Policies
- ASD ACSC’s Essential Eight Cyber Security Guidelines for Database
- ASD ACSC’s Essential Eight Cyber Security Guidelines for Linux
- ASD ACSC’s Essential Eight Cyber Security Guidelines for Network Devices
- ASD ACSC’s Essential Eight Cyber Security Guidelines for Windows
Deprecated Policies
This month’s package deprecates the following policies:
Applications
- CIS Benchmark for Docker Benchmark, v1.4.0
- DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R2
Operating Systems
- CIS Benchmark for Apple macOS 10.15, v2.1.0
- CIS Benchmark for Apple macOS 11.0 Big Sur, v2.1.0
- CIS Benchmark for Apple macOS 12.0 Monterey, v1.1.0
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 11, V1R6
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R3
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R4
- DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V3R4
Updated Library Policies
- Policy updated and re-released to include the Not Scored Checks for Ubuntu 14 v2.1.0
- CIS Benchmark for SUSE Linux Enterprise 11.x, v2.1.0
- CIS Benchmark for Ubuntu Linux 14.04 LTS, v2.1.0
- Policy review and re-released for Debian Family Linux, v1.0.0
- CIS Benchmark for Debian Family Linux, v1.0.0
- Policy updated to add support for Red Hat JBoss Enterprise Application Platform (EAP)7.4
- Security Configuration & Compliance Policy for Red Hat JBoss Enterprise Application Platform (EAP) 7.4
- Policy updated to add CID 7419 to CIS Amazon Linux 2
- CIS Benchmark for Amazon Linux 2, v2.0.0
Coming Next Month
The following policies and updates are currently planned for release to the policy library next month:
New Coverage:
- CIS Benchmark for Oracle Database 19c Multitenant, v1.1.0
- CIS Benchmark for Mozilla Firefox 102 ESR, v1.0.0
- CIS Benchmark for MariaDB 10.6, v1.0.0
- CIS Benchmark for Microsoft Windows 11 Enterprise, v2.0.0
- CIS Benchmark for VMWare ESXi 6.7, v1.3.0
- CIS Benchmark for VMWare ESXi 7, v1.2.0
- CIS Benchmark for Microsoft Windows 10 Enterprise, v2.0.0
- CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.2.1
- CIS Benchmark for Kubernetes, v1.7.0
- CIS Benchmark for Juniper OS, v2.1.0
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA Firewall, V1R3
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V1R2
- DISA Security Technical Implementation Guide (STIG) for Oracle MySQL 8.0 STIG, V1R3
- DISA Security Technical Implementation Guide (STIG) for Mozilla FireFox, V6R4
- DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S, NDM and Router, V1R1
- Security Configuration & Compliance Policy for Alpine Linux 3.x
If you have any questions, please contact your TAM or Technical Support. See all library updates.