Policy Compliance Library Updates, October 2023 

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including policies certified by CIS and policies based on security guidelines from OS and application vendors and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, we publish new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month, which includes bug fixes and updated policies. 

The October release includes eight CIS Benchmark Policies, twelve DISA STIG Policies, three Industry Best Practices Policies, and four Mandate Policies. It also deprecates some of the existing policies. 

Qualys’ Certification Page at CIS has been updated.  

CIS Benchmark Policies

  • CIS Apache HTTP Server 2.4 Benchmark v2.1.0
  • CIS Azure Kubernetes Service (AKS) Benchmark v1.3.0
  • CIS Google Kubernetes Engine (GKE) Benchmark v1.4.0
  • CIS MongoDB 6 Benchmark v1.0.0
  • CIS Microsoft SQL Server 2019 Benchmark v1.3.0
  • CIS Oracle Database 18c Benchmark v1.1.0
  • CIS Policy for CIS PostgreSQL 15 Benchmark v1.0.0
  • CIS Solaris 11.4 v1.0.0

DISA STIG Policies

  • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R9
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V2R7
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Mozilla FireFox, V6R5
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V1R7
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R12
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 7.0, V1R2

Industry and Best Practices Policies

  • Security Configuration and Compliance Policy for Amazon RDS – PostgreSQL (Postgresql 14.x)
  • Security Configuration and Compliance Policy for Checkpoint MDS
  • Security Configuration and Compliance Policy for VMware Photon OS 4.x

Mandate Policies

  • The Digital Operational Resilience Act (DORA) Policy for Databases
  • The Digital Operational Resilience Act (DORA) Policy for Windows
  • The Network and Information Security (NIS 2) Directive Policy for Databases
  • The Network and Information Security (NIS 2) Directive Policy for Windows

Deprecated Policies 

Operating System

  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R7
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R10

Application

  • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0 
  • CIS Benchmark for Azure Kubernetes Service (AKS), v1.2.0 
  • CIS Benchmark for Google Kubernetes Engine (GKE), v1.3.0 
  • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Mozilla FireFox, V6R4

Network Devices

  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R4

Database

  • CIS Benchmark for Oracle Database 18c on Windows host, v1.0.0 
  • CIS Benchmark for Oracle Database 18c on Linux host, v1.0.0 
  • CIS Benchmark for Oracle Database 18c Multitenant on Linux host, v1.0.0 
  • CIS Benchmark for Oracle Database 18c Multitenant on Windows host, v1.0.0 
  • CIS Benchmark for Microsoft SQL Server 2019, v1.2.0    

Policy Updates 

The following policies are part of the bug fix package and should be available in production by the first week of November.

  • Australia Information Security Manual (Information Technology Security) for Windows
    • Policy re-release to add Windows 11 and Windows Server 2022 support for Australia Information Security Manual (Information Technology Security) for Windows
  • CIS Benchmark for MariaDB 10.6 v1.0.0
    • Policy re-release for CIS Benchmark for MariaDB 10.6 v1.0.0
  • CIS Benchmark for Oracle Linux 8, v2.0.0
    • Policy re-release to update cardinality for CID 14796 and 14797 in CIS Oracle Linux 8 V2.0.0
  • CIS Benchmark for Oracle Linux 9, v1.0.0
    • Policy re-release to update CIS Oracle Linux 9 v1.0.0
  • CIS Benchmark for Ubuntu 22.04
    • Policy re-release to replace CID 12777 with 2741 in CIS Benchmark for Ubuntu 22.04
  • CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0
    • Policy re-release to update regular expression for CID 16681 on Red Hat Enterprise Linux 9
  • DISA STIG for Windows Server 2022, V1R1
    • Policy re-release for DISA STIG for Windows Server 2022, V1R1. Regular expression updated for CID 8145 and CID 11360. Rule IDs updated for the policy.
  • DISA STIG for Microsoft Internet Explorer 11, V2R3
    • Policy re-release for DISA STIG for Microsoft Internet Explorer 11, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R5
    • Policy re-release to update regular expression for CID 2198 and CID 5241.
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R2
    • Policy re-release to update regular expression for CID 2198 and CID 5241.
  • NIST 800-53 Rev 5 for Linux
    • Policy re-release to add support for Amazon Linux 2023 and Red Hat Enterprise Linux 9.x in NIST 800-53 Rev 5 for Linux policy.
  • NIST 800-53 Rev 4 for Microsoft Windows Framework
    • Policy re-release to add Windows 11 and Windows Server 2022 support for NIST 800-53 Rev 4 for Microsoft Windows Framework
  • NIST 800-53 Rev 5 for Microsoft Windows Framework
    • Policy re-release to add Windows 11 and Windows Server 2022 support for NIST 800-53 Rev 5 for Microsoft Windows Framework
  • Regular expression updated for CID 19584 and 19585 in the following policies:
    • CIS Benchmark for Oracle Linux 8, v2.0.0
    • CIS Benchmark for Amazon Linux 2, v2.0.0
    • CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0
    • CIS Benchmark for Ubuntu Linux 22.04 LTS, v1.0.0
    • CIS Benchmark for Rocky Linux 9, v1.0.0
    • CIS Benchmark for Rocky Linux 8, v1.0.0
    • CIS Benchmark for Oracle Linux 9, v1.0.0
    • CIS Benchmark for Alibaba Cloud Linux 3, v1.0.0
    • CIS Benchmark for Alma Linux 9, v1.0.0
    • CIS Benchmark for CentOS Linux 8, v2.0.0
    • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0
    • CIS Benchmark for Debian Linux 11, v1.0.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month: 

  • CIS Docker Benchmark V1.6.0
  • CIS Ubuntu Linux 20.04 LTS Benchmark v2.0.1
  • CIS Microsoft Office Enterprise Benchmark v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey) V1R7
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c STIG V2R8
  • DISA Security Technical Implementation Guide (STIG) for Kubernetes V1R10
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR NDM V2R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR RTR V2R3
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R12
  • DISA VMware vSphere 7.0 Virtual Machine V1R2
  • DISA Microsoft Windows 10 STIG – Ver 2, Rel 7
  • DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V2 R1
  • Safeguards Computer Security Evaluation Matrix for VMware ESXi

If you have any questions, please get in touch with your TAM or Technical Support.  
See all library updates.  
