Policy Compliance Library Updates, September 2023 

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month.

The first update, released in the first week of each month, contains new policies. The second update, released by the end of the month, includes bug fixes and updated policies.

The September release includes eight CIS Benchmark Policies, nine DISA STIG Policies, five new Industry Best Practices Policies, and one Mandate Policy. It also deprecates some existing policies.

Qualys’ Certification Page at CIS has been updated.  

CIS Benchmark Policies

  • CIS Debian Linux 10 Benchmark v2.0.0
  • CIS IBM Db2 13 for z/OS Benchmark v1.0.0
  • CIS Palo Alto Firewall 10 Benchmark v1.1.0
  • CIS NGINX Benchmark v2.0.1
  • CIS Microsoft Windows 10 EMS Gateway Benchmark v2.0.0
  • CIS Microsoft IIS 10 Benchmark v1.2.1
  • CIS Benchmark for Microsoft SQL Server 2022, v1.0.0
  • CIS Guideline for Living off the Land Attacks: PowerShell

DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8 V1R11
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM V2R7
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox V6R5
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R8

Industry and Best Practices Policies

  • Security Configuration and Compliance Policy for Teradata
  • Security Configuration and Compliance Policy for Oracle 21c
  • Security Configuration and Compliance Policy for Oracle 21c (Multitenant)
  • Security Configuration and Compliance Policy for VMware vCenter Server (Windows) 5.x
  • Security Configuration and Compliance Policy for VMware vCenter Server Appliance 8.x

Deprecated Policies 

Operating System

  • CIS Benchmark for Debian Linux 10, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway, v1.1.0
  • CIS Benchmark for Microsoft IIS 10, v1.2.0
  • CIS Benchmark for NGINX v2.0.0
  • CIS Benchmark for Palo Alto Firewall 10, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R6
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R9
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R7
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R7

Policy Updates 

The policies below are part of the bug fix package and should be available in production by the first week of October.

  • CIS Benchmark for Ubuntu 18.04 v2.1.0
    • Policy re-release to update regular expression for CID 8327 in CIS Ubuntu 18.04 v2.1.0.
  • CIS Benchmark for HP-UX 11i, v1.5.0
    • Policy re-release for CIS Benchmark for HP-UX 11i, v1.5.0 to add CID 1072 and 1091.
  • CIS Benchmark for Oracle Linux 6, v2.0.0
    • Policy re-release for CIS Benchmark for Oracle Linux 6, v2.0.0 to add CID 13242.
  • CIS Benchmark for Oracle Linux 8, v2.0.0
    • Policy re-release for CIS Benchmark for Oracle Linux 8, v2.0.0 to replace CID 2601 with 1145.
  • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0
    • Policy re-release for Red Hat Enterprise Linux 8, v2.0.0 to replace CID 2601 with 1145.
  • DISA STIG for Infoblox 7.x DNS, Ver 2, Rel 1
    • Policy re-release for Infoblox 7.x DNS, Ver 2, Rel 1.
  • DISA STIG for Infoblox 8.x DNS, Ver 2, Rel 1
    • Policy re-release for DISA STIG for Infoblox 8.x DNS, Ver 2, Rel 1.
  • DISA STIG for Windows Server 2022, V1R1
    • Policy re-release for DISA STIG for Windows Server 2022, V1R1.
  • NIST 800-53 Rev 5 for Windows Policy
    • Policy re-release to add support for Windows Server 2022 in the NIST 800-53 Rev 5 for Windows policy.

Coming Next Month  

The following policies and updates are currently planned for release to the policy library next month: 

  • Security Configuration and Compliance Policy for Teradata
  • CIS Google Kubernetes Engine (GKE) Benchmark v1.4.0
  • CIS Azure Kubernetes Service (AKS) Benchmark v1.3.0
  • CIS Oracle Database 18c Benchmark v1.1.0
  • CIS Microsoft SQL Server 2019 Benchmark v1.3.0
  • CIS Apache HTTP Server 2.4 Benchmark v2.1.0
  • DISA Oracle Linux 8 STIG – Ver 1, Rel 7
  • DISA VMware vSphere 7.0 ESXi V1R2
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS V1R9
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR V2R5
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM V2R7
  • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide V2R5
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox V6R5
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R11
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM V2R5
  • Security Configuration and Compliance Policy for VMware Photon OS 4.x
  • Security Configuration and Compliance Policy for Checkpoint MDS
  • Windows 11 Stand-alone for the Portuguese language

If you have any questions, please contact your TAM or Technical Support.  See all library updates.  
