Policy Compliance Library Updates, June 2023

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most commonly used and adhered to. Qualys provides a wide range of policies, including many certified by CIS, policies based on security guidelines from OS and application vendors, and policies reflecting other industry best practices.

To keep up with changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice a month. The first update, released in the first week of each month, contains new policies; the second, released by the end of the month, contains bug fixes and updated policies.

The June release includes four CIS Benchmark policies, eight IRS SCSEM policies, one new industry and best practice policy, twelve new mandate policies, and one mandate framework. It also deprecates some existing policies.

Qualys’ Certification Page at CIS has been updated. 

New CIS Benchmark Policies 

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and contributes to the development of new benchmarks through the CIS Community. 

This release contains the following new CIS Benchmark policies: 

  • CIS Benchmark for Juniper OS, v2.1.0
  • CIS Benchmark for MariaDB 10.6, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2019, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2022, v2.0.0

IRS SCSEM Policies

  • Safeguard Computer Security Evaluation Matrix for IBM AIX 7, v2.0
  • Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 8, v6.0
  • Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7, v6.0
  • Safeguard Computer Security Evaluation Matrix for SUSE Linux Enterprise 12, v4.2
  • Safeguard Computer Security Evaluation Matrix for SUSE Linux Enterprise 15, v4.2
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2016, v2.4
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.5
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2022, v1.1

New Industry and Best Practice Policies

  • Security Configuration and Compliance Policy for Amazon Linux 2023

New Mandate

  • Automated Secure Configuration for macOS Security (mSCP) – NIST SP 800-171 Rev 2 Baseline
  • Automated Secure Configuration for macOS Security (mSCP) – NIST SP 800-53 Rev 5 High Impact Security Baseline
  • Automated Secure Configuration for macOS Security (mSCP) – NIST SP 800-53 Rev 5 Low Impact Security Baseline
  • Automated Secure Configuration for macOS Security (mSCP) – NIST SP 800-53 Rev 5 Moderate Impact Security Baseline
  • Automated Secure Configuration for macOS Security (mSCP) – CIS Level 1 Benchmarks Baseline
  • Automated Secure Configuration for macOS Security (mSCP) – CIS Level 1 and 2 Benchmarks Baseline
  • Security Configuration and Compliance Policy for MSCP macOS 13.0 CIS Controls Version 8
  • Automated Secure Configuration for macOS Security (mSCP) – CNSSI-1253 Baseline
  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Policy (SOC2) for Windows (Published)
  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Policy (SOC2) for Linux (Published)
  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Policy (SOC2) for Network Devices
  • 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Policy (SOC2) for Database (Published)

New Mandate Framework

  • Personal Information Protection and Electronic Documents Act (PIPEDA)

Deprecated Policies 

This month’s package deprecates the following policies: 

Operating Systems 

  • CIS Benchmark for Microsoft Windows Server 2019, v1.3.0
  • CIS Benchmark for Microsoft Windows Server 2022, v1.0.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.0

Database 

  • Security Configuration and Compliance Policy for MariaDB 10.x

Policy Updates 

The following policies are part of the bug fix package and should be available in production by the first week of July.

  • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R10

The following changes were made:

Removed controls (CIDs):

9884,18473,10507,4321,12815,17503,7460,12814,17502,7459,12817,17505,7462,12818,17506,7463,12816,17504,7461,18449,11679,11681,17633,11687,11682,11694,10674,7498,7973,7975,7976,7974,11674,7486,7488,7491,7972,7487,7489,7490,7482,7483,7485,7484,7479,7480,7481,11688,16041,17571,17572,17573,7493,18441,18444,17702,13382,16063,7494,7495,7496,7497,11418,12384,6218,1774,2321,1768,1769,5223

Added controls (CIDs):

16055,19633,18588,18589,18590,20635,20634,7333,14032,14718,17639,12858,12856,12846,12848,12849,12847,12845,14699,12839,12841,12844,12840,12842,12843,12835,12836,12838,12837,12834,12833,12832,19645,19644,17640,12868,17290,17645,12852,12854,12853,14720,19660,14397,14395,5279

  • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R10

The following changes were made:

Regex updated (CIDs):

7393,20531,19877,19880,4986,20543,7411,20564,11705,5368,10178,10824,14796,14797,11696,22170,22995,11632,11637,11628,10733,11655,10683,11659,11387,18118,12239,15949,20598,20599,20600,20601,20602,20603,18427,20605,20615,20616,11734,19660,20630,12804,11720,14729,9349,11633,12603,12242,22999

Removed controls (CIDs):

11629,7431,1752,11637,11636,11628,13373,10731,2232,20547,19573,19576,20550,20553

  • Policy re-release to update CID 9256 in the MariaDB policies
  • Policy re-release for Safeguard Computer Security Evaluation Matrix for SUSE Linux
  • Policy re-release to add controls to the L1 policies for RHEL 7, RHEL 6, and OEL 6: RHEL 7 – CIDs 10732 and 10733; RHEL 6 – CID 2232; OEL 6 – CID 2232
  • Policy re-release to remove not-applicable controls from the Oracle HTTP Server 12c policy (per CRM-109983)
  • Policy re-release to add CID 26101 to the CIS MariaDB policy
  • Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v3.1.1

References were added to multiple controls.

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month: 

  • DISA STIG for Infoblox 7.x DNS, Ver 2, Rel 1
  • DISA STIG for Infoblox 8.x DNS, Ver 1, Rel 1
  • CIS Microsoft Windows Server 2016 Benchmark v2.0.0
  • CIS PostgreSQL 12 Benchmark v1.1.0
  • CIS PostgreSQL 13 Benchmark v1.1.0
  • Safeguard Computer Security Evaluation Matrix for CentOS
  • Safeguard Computer Security Evaluation Matrix for OEL
  • Safeguard Computer Security Evaluation Matrix for Win Server 2012
  • Safeguard Computer Security Evaluation Matrix for Win Server 2012 R2
  • Safeguard Computer Security Evaluation Matrix for Debian 1.3
  • Security Configuration and Compliance Policy for ArubaOS CX 10.x
  • Security Configuration and Compliance Policy for ArubaOS Switch 16.x
  • Security Configuration and Compliance Policy for IBM WebSphere Liberty 23

If you have any questions, please contact your TAM or Technical Support.  See all library updates.
