Policy Compliance Library Updates, May 2023
Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.
To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies. The second update, released by the end of the month, includes bug fixes and updated policies.
The May release includes seventeen CIS Benchmark policies, three DISA Security Technical Implementation Guide (STIG) policies, and one Industry and Best Practice policy. It also deprecates some of the existing policies. Qualys’ Certification Page at CIS has been updated.
New CIS Benchmark Policies
CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community.
This release contains the following new CIS Benchmark policies:
- CIS Benchmark for Cisco IOS 17.x, v2.0.0
- CIS Benchmark for Cisco IOS 16.x, v2.0.0
- CIS Benchmark for FortiGate, v1.1.0
- CIS Benchmark for MacOS Safari, v2.0.0
- CIS Benchmark for Microsoft Windows 10 Enterprise, v1.12.0 (German)
- CIS Benchmark for Microsoft Windows 10 Enterprise, v2.0.0
- CIS Benchmark for Microsoft Windows 11 Enterprise, v1.0.0 (German)
- CIS Benchmark for Microsoft Windows 11 Enterprise, v2.0.0
- CIS Benchmark for Microsoft Windows 2016, v1.4.0 (German)
- CIS Benchmark for Microsoft Windows Server 2012 R2, v2.6.0 (German)
- CIS Benchmark for Microsoft Windows Server 2019, v1.3.0 (German)
- CIS Benchmark for Microsoft Windows Server 2022, v1.0.0 (German)
- CIS Benchmark for Mozilla Firefox 102 ESR, v1.0.0
- CIS Benchmark for Oracle Database 19c Multitenant, v1.1.0
- CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.2.1
- CIS Benchmark for VMware ESXi 6.7, v1.3.0
- CIS Benchmark for VMware ESXi 7.0, v1.2.0
New DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S, NDM, and Router, V1R1
- DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R4
- DISA Security Technical Implementation Guide (STIG) for Oracle MySQL 8.0, V1R3
New Industry and Best Practice Policies
- Security Configuration and Compliance Policy for Alpine Linux 3.x
Deprecated Policies
This month’s package deprecates the following policies:
Applications
- CIS Benchmark for VMware ESXi 6.7, v1.2.0
- CIS Benchmark for VMware ESXi 7.0, v1.1.0
- DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R3
- Security Configuration and Compliance Policy for VMware ESXi 7.x
Operating Systems
- CIS Benchmark for Microsoft Windows 10 Enterprise, v1.12.0
- CIS Benchmark for Microsoft Windows 11 Enterprise, v1.0.0
- CIS Benchmark for Microsoft Windows 2016, v1.1.0
Databases
- CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.2.0
- CIS Benchmark for Oracle Database 19c Multitenant on Linux host, v1.0.0
- CIS Benchmark for Oracle Database 19c Multitenant on Windows host, v1.0.0
Network Devices
- CIS Benchmark for Cisco IOS 17.x, v1.0.0
- CIS Benchmark for Cisco IOS 16, v1.1.2
- CIS Benchmark for FortiGate, v1.0.0
Updated Library Policies
- Policy updated to add support for Red Hat JBoss Enterprise Application Platform (EAP) 7.4
  - DISA Security Technical Implementation Guide (STIG) for Red Hat JBoss Enterprise Application Platform (EAP) 7.4
- Policy updated to add support for Liberty 23
  - CIS Benchmark for IBM WebSphere Liberty, v1.0.0
- Policy updated and re-released to add new controls for Huawei VRP
  - Security Configuration and Compliance Policy for Huawei VRP
- Policy updated to add support for Canonical Ubuntu 20.04 LTS
  - DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R7
- Policy updated to add support for SUSE Linux Enterprise 15.x
  - DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V1R9
- Policy updated to add support for Red Hat Enterprise Linux 8
  - DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R9
Coming Next Month
The following policies and updates are currently planned for release to the policy library next month:
New Coverage
- CIS Benchmark for PostgreSQL 15, v1.0.0
- CIS Benchmark for Microsoft SQL Server 2022, v1.0.0
- CIS Benchmark for Microsoft Windows Server 2019, v2.0.0
- CIS Benchmark for Microsoft Windows Server 2022, v2.0.0
- CIS Benchmark for Kubernetes, v1.7.0
- DISA Security Technical Implementation Guide (STIG) for Fortinet FortiGate Firewall, V1R2
- DISA Security Technical Implementation Guide (STIG) for Oracle Linux 8, V1R3
- Security Configuration and Compliance Policy for IBM WebSphere Liberty 23
- Security Configuration and Compliance Policy for Amazon Linux 2023
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 NIST 800-171
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 800-53 R5 High
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 800-53 R5 Low
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 800-53 R5 Moderate
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 CIS Benchmark Level 1
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 CIS Benchmark Level 2
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 CIS Controls Version 8
- Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 13 CNSSI – 1253
- Safeguard Computer Security Evaluation Matrix for AIX
- Safeguard Computer Security Evaluation Matrix for RHEL
- Safeguard Computer Security Evaluation Matrix for SUSE Linux
- Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2016
- Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019
- Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2022
If you have any questions, please contact your TAM or Technical Support.