Policy Compliance Library Updates, August 2023

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month; the second update, released by the end of the month, includes bug fixes and updated policies.

The August release includes six CIS Benchmark Policies, two DISA STIG Policies, one IRS SCSEM Policy, four Mandate Policies, and five new Industry Best Practices Policies. It also deprecates some existing policies.

Qualys’ Certification Page at CIS has been updated. 

New CIS Benchmark Policies

  • CIS Benchmark Microsoft Windows Server 2008 (non-R2), v3.3.0
  • CIS Benchmark for Amazon Linux 2023, v1.0.0
  • CIS Microsoft SQL Server 2022 Benchmark v1.0.0
  • CIS Microsoft Windows 10 Stand-alone Benchmark v2.0.0
  • CIS Microsoft Windows 11 Stand-alone Benchmark v2.0.0
  • CIS Microsoft Exchange Server 2019 Benchmark

DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V1R2
  • DISA Citrix Virtual Apps and Desktops (VAD) 7.x STIG

IRS SCSEM Policies

  • Safeguard Computer Security Evaluation Matrix for OEL

Industry and Best Practices Policies

  • Security Configuration and Compliance Policy for Versa Operating System
  • Security Configuration and Compliance Policy for Redis 4.x
  • Security Configuration and Compliance Policy for Extreme Networks ERS 5.x
  • Security Configuration and Compliance Policy for CentOS Stream 9.x
  • Security Configuration and Compliance Policy for VMware ESXi 8.x

Mandate Policies

  • Transportation Security Administration (TSA) for Linux
  • Transportation Security Administration (TSA) Policy for Windows
  • Transportation Security Administration (TSA) Policy for Databases
  • Transportation Security Administration (TSA) Policy for Network Devices

Deprecated Policies 

This month’s package deprecates the following policies: 

Operating System

  • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.2.0
  • CIS Benchmark for Microsoft Windows 11 Stand-alone, v1.0.0 
  • CIS Benchmark for Microsoft Windows 10 Stand-alone, v1.0.1
  • Security Configuration and Compliance Policy for Amazon Linux 2023

Application

  • Security Configuration and Compliance Policy for Microsoft Exchange Server 2019

Policy Updates 

The below policies are part of the bug fix package and should be available in production by the first week of September.

  • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
    • Policy re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
  • CIS Ubuntu Linux 22.04 LTS Benchmark v1.0.0
    • Policy re-release for CIS Ubuntu Linux 22.04 LTS Benchmark v1.0.0 after the review.
  • CIS MacOS 13 v1.0.0 policy with multiple CIDs
    • Policy re-release for CIS MacOS 13 v1.0.0 policy with multiple CIDs
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 10 Enterprise
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1803), v1.5.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1809), v1.6.1
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows 8, v1.0.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Benchmark for Windows 8.1 Workstation, v2.4.0
    • Policy re-release with NL value updated for CID 8394
  • CIS Microsoft Windows Server 2016, v1.0.0
    • Policy re-release with NL value updated for CID 8394
  • DISA Security Technical Implementation Guide (STIG) for IIS 8.5 and IIS 10
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for IIS 8.5 and IIS 10
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R7
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R7
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R2
    • Policy re-release with NL value updated for CID 8394
  • DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R23
    • Policy re-release with NL value updated for CID 8394
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 10 version 1511
    • Policy re-release with NL value updated for CID 8394
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8
    • Policy re-release with NL value updated for CID 8394
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8.1
    • Policy re-release with NL value updated for CID 8394
  • NERC CIPv5 for Windows
    • Policy re-release with NL value updated for CID 8394
  • NERC CIPv6 for Windows
    • Policy re-release with NL value updated for CID 8394
  • NIST 800-53 Rev 4 for Microsoft Windows
    • Policy re-release with NL value updated for CID 8394
  • NIST 800-53 Rev 5 for Microsoft Windows
    • Policy re-release with NL value updated for CID 8394
  • National Cybersecurity Authority – Critical Systems Cybersecurity Controls (CSCC–1:2019) for Microsoft Windows
    • Policy re-release with NL value updated for CID 8394
  • National Cybersecurity Authority – Essential Cybersecurity Controls (ECC–1:2018) for Microsoft Windows
    • Policy re-release with NL value updated for CID 8394
  • PCI-DSS (Payment Card Industry Data Security Standard) v3.2.1 – Operating Systems
    • Policy re-release with NL value updated for CID 8394
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R5
    • Policy re-release with NL value updated for CID 8394
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012 R2, v3.3
    • Policy re-release with NL value updated for CID 8394
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012, v3.3
    • Policy re-release with NL value updated for CID 8394
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2016, v2.4
    • Policy re-release with NL value updated for CID 8394
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.5
    • Policy re-release with NL value updated for CID 8394
  • Security Configuration and Compliance Policy for Windows Embedded
    • Policy re-release with NL value updated for CID 8394

Coming Next Month  

The following policies and updates are currently planned for release to the policy library next month: 

  • Security Configuration and Compliance Policy for TeraData
  • CIS Debian Linux 10 Benchmark v2.0.0
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8 V1R11
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM V2R7
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R8
  • Guideline for Living off the Land Attacks: PowerShell
  • CIS IBM Db2 13 for z/OS Benchmark v1.0.0
  • CIS Palo Alto Firewall 10 Benchmark v1.1.0
  • CIS Microsoft Windows 10 EMS Gateway Benchmark v2.0.0
  • CIS Ubuntu Linux 20.04 LTS Benchmark v2.0.1
  • CIS Microsoft IIS 10 Benchmark v1.2.1
  • Security Configuration and Compliance Policy for Cisco APIC 4.x
  • Security Configuration and Compliance Policy for Oracle 21c (Multitenant)
  • Security Configuration and Compliance Policy for VMware vCenter Server (Windows) 5.x
  • Security Configuration and Compliance Policy for VMware vCenter Server Appliance 8.x

If you have any questions, please contact your TAM or Technical Support.