Policy Compliance Library Updates, July 2023

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies; the second, released by the end of the month, includes bug fixes and updated policies.

The July release includes four CIS Benchmark policies, three DISA STIG Policies, five IRS SCSEM policies, and two New Industry Best Practices policies. It also deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.0
  • CIS Benchmark for Microsoft Windows Server 2016, v2.0.0
  • CIS Benchmark for PostgreSQL 12, v1.1.0
  • CIS Benchmark for PostgreSQL 13, v1.1.0

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA Firewall, V1R4
  • DISA Security Technical Implementation Guide (STIG) for Infoblox 7.x DNS, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Infoblox 8.x DNS, V1R1

IRS SCSEM Policies

  • Safeguard Computer Security Evaluation Matrix for CentOS Linux 7, v4.1
  • Safeguard Computer Security Evaluation Matrix for CentOS Linux 8, v4.1
  • Safeguard Computer Security Evaluation Matrix for Debian Linux 10, v1.3
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012, v3.3
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012 R2, v3.3

New Industry and Best Practices Policies

  • Security Configuration and Compliance Policy for ArubaOS CX 10.x
  • Security Configuration and Compliance Policy for ArubaOS Switch 16.x

Deprecated Policies 

This month’s package deprecates the following policies: 

Operating System

  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0 [Scored and Not Scored, Level 1 – Member Server]
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0 [Scored and Not Scored, Level 1 – Member Server, Level 2 – Member Server]
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0 [Scored and Not Scored, Level 1 – Domain Controller]
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0 [Scored and Not Scored, Level 1 – Domain Controller, Level 2 – Domain Controller]
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0 [Scored, Level 2 – Domain Controller]
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.2.0 [Scored, Level 2 – Member Server]
  • CIS Benchmark for Microsoft Windows 2016, v1.4.0, [Automated and Manual, Level 1 – Domain controller]
  • CIS Benchmark for Microsoft Windows 2016, v1.4.0, [Automated and Manual, Level 1 – Domain controller, Level 2 – Domain controller, Next Generation Windows Security – Domain controller] (Status: Disabled)
  • CIS Benchmark for Microsoft Windows 2016, v1.4.0, [Automated and manual, Level 1 – Member Server]
  • CIS Benchmark for Microsoft Windows 2016, v1.4.0, [Automated and Manual, Level 1 – Member Server, Level 2 – Member Server, Next Generation Windows Security – Member Server]
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-53 R5 Moderate
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-53 R5 Low
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-53 R5 High
  • Qualys Security Configuration and Compliance Policy for macOS Security Compliance Project: macOS 12 Monterey 800-171
  • Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7.x, v2.2

Database

  • CIS Benchmark for PostgreSQL 12, v1.0.0 [Scored and Not Scored, Level 1 – PostgreSQL, Level 1 – PostgreSQL on Linux]
  • CIS Benchmark for PostgreSQL 13, v1.0.0 [Scored and Not Scored, Level 1 – PostgreSQL, Level 1 – PostgreSQL on Linux]

Policy Updates 

The policies below are part of the bug fix package and should be available in production by the first week of August.

  • CIS Benchmark for CentOS Linux 7, v3.1.2
    • Policy re-release for CIS Benchmark for CentOS Linux 7, v3.1.2 to add 9494 for ref id 5.4.1
  • CIS Benchmark for Oracle Linux 6, v2.0.0
    • Policy re-release for CIS Benchmark for Oracle Linux 6, v2.0.0 to add 10732 for ref id 5.5.1.1
  • CIS Benchmark for Oracle Linux 7, v3.1.1
    • Policy re-release for CIS Benchmark for Oracle Linux 7, v3.1.1 to add 13242 for ref id 5.4.4
  • CIS Benchmark for Oracle Linux 8, v2.0.0
    • Policy re-release for CIS Benchmark for Oracle Linux 8, v2.0.0 to add 10735 for ref id 5.6.1.4
  • CIS Benchmark for Red Hat Enterprise Linux 6, v3.0.0
    • Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 6, v3.0.0 to add 10732 for ref id 5.5.1.1
  • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0
    • Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0 to add 10732 for ref id 5.5.1.1
  • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
    • Policy re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
  • CIS Benchmark for Apache Tomcat 9, v1.2.0
    • Policy re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0
  • Cybersecurity Maturity Model Certification (CMMC) v1.0 for Containers
    • Policy re-release with Regular Expression for CID 17046
  • CIS Kubernetes Benchmark, v1.6.1
    • Policy re-release with Regular Expression for CID 17046
  • CIS Benchmark for Kubernetes V1.24, v1.0.0
    • Policy re-release with Regular Expression for CID 17046
  • CIS IBM Db2 11 Benchmark v1.0.0
    • Policy re-release to add CID 26212 to ref id 3.2.1 in CIS IBM Db2 11 Benchmark v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R10
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R10
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R9
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R9
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R10
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R10
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V2R2
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 6, V2R6
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 6, V2R6
  • DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R6
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 X86, V2R4
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Solaris 10 X86, V2R4

Coming Next Month  

The following policies and updates are currently planned for release to the policy library next month: 

  • CIS Benchmark Microsoft Windows Server 2008 (non-R2) v3.3.0
  • CIS Microsoft SQL Server 2022 Benchmark v1.0.0
  • CIS Debian Linux 10 Benchmark v2.0.0
  • CIS Microsoft Windows 10 Stand-alone Benchmark v2.0.0
  • CIS Microsoft Windows 11 Stand-alone Benchmark v2.0.0
  • CIS Amazon Linux 2023 Benchmark v1.0.0
  • CIS Microsoft Exchange Server 2019 Benchmark
  • DISA Citrix Virtual Apps and Desktops (VAD) 7.x STIG
  • Security Configuration and Compliance Policy for VMware ESXi 8.x
  • Security Configuration and Compliance Policy for Redis 4.x
  • Security Configuration and Compliance Policy for Versa Operating System
  • Security Configuration and Compliance Policy for Extreme Networks ERS 5.x
  • Safeguard Computer Security Evaluation Matrix for OEL
  • Transportation Security Administration (TSA) Policy for Linux
  • Transportation Security Administration (TSA) Policy for Windows
  • Transportation Security Administration (TSA) Policy for Databases
  • Transportation Security Administration (TSA) Policy for Network Devices

If you have any questions, please contact your TAM or Technical Support.  See all library updates.  
