Policy Compliance Library Updates, November 2023
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month which includes bug fixes and updated policies.
The November release includes four CIS Benchmark Policies, twelve DISA STIG Policies, one Industry Best Practices Policies, three IRS SCSEM Policies, and four Mandate Policies. It also deprecates some of the existing policies.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
- CIS Benchmark for Docker, v1.6.0
- CIS Benchmark for Ubuntu Linux 20.04, v2.0.1
- CIS Benchmark for Microsoft Office Enterprise, v1.1.0
- CIS Benchmark for Microsoft Windows 11 Stand-alone, v2.0.0 – Portuguese
DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R7
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R6
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V2R3
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V2R3
- DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V2R1
- DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R10
- DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R9
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R12
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS V2R8
- DISA Microsoft Windows 10 STIG – Ver 2, Rel 8
IRS SCSEM Policies
- Safeguard Computer Security Evaluation Matrix for VMWare ESX 6.5, v4.4
- Safeguard Computer Security Evaluation Matrix for VMWare ESX 6.7, v4.4
- Safeguard Computer Security Evaluation Matrix for VMWare ESX 7.0, v4.4
Industry and Best Practices Policies
- Security Configuration and Compliance Policy for macOS 14 Sonoma
Mandate Policies
- Digital Operational Resilience Act (DORA) for Linux
- Digital Operational Resilience Act (DORA) for Network Devices
- Network and Information Systems (NIS 2 Directive) (EU) for Linux
- Network and Information Systems (NIS 2 Directive) (EU) for Network Devices
Deprecated Policies
Operating System
- ASD ACSC’s Essential Eight Maturity Model for Windows (Level 1,2,3)
- ASD ACSC’s Essential Eight Maturity Model for Linux (Level 1,2,3)
- CIS Benchmark for Ubuntu Linux 20.04 LTS, v1.1.0
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R5
- DISA Security Technical Implementation Guide (STIG) for IBM AIX 7.x, V2R6
- DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R5
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R10
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R5
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R7
Application
- CIS Benchmark for Docker, v1.5.0
- CIS Benchmark for Microsoft Office Enterprise, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Kubernetes, V1R8
Network Devices
- ASD ACSC’s Essential Eight Maturity Model for Network Devices (Level 1, 2, 3)
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R4
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V2R2
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V2R1
Database
- ASD ACSC’s Essential Eight Maturity Model for Database (Level 1, 2, 3)
Policy Updates
The below policies are part of the bug fix package and should be available in production by the first week of December.
- ASD ACSC’s Essential Eight Maturity Model for Windows
- Policy re-release for ASD ACSC’s Essential Eight Maturity Model for Windows- Level 1, Level 2, and Level 3.
- CIS Windows 2019 Server
- Policy re-release for CIS Windows 2019 Server. Added CID 26502 for requirement 1.2.3 – Ensure ‘Allow Administrator account lockout’ is set to ‘Enabled’ (Manual).
- CIS Benchmark for Ubuntu Linux 20.04
- Policy re-release of CIS Benchmark for Ubuntu Linux 20.04, v2.0.1
- Added controls and updated references – 10500,26791,26792,26793,26794,19663,26824,26823,19583,9725,23814,23815.
- CIS Benchmark policy for VMware ESXi 7.0, V1.2.0
- Policy re-release CIS Benchmark policy for VMware ESXi 7.0, V1.2.0
Replaced CID 8989 with CID 8986
Replaced CID 8981 with CID 9312
Replaced CID 8987 with CID 8985
Replaced CID 8986 with CID 8984
- Policy re-release CIS Benchmark policy for VMware ESXi 7.0, V1.2.0
- CIS Benchmark Policy for IBM DB2 11, v1.0.0.
- Policy re-release for CIS Benchmark policy for IBM DB2 11, v1.0.0.
- Replaced CID 4661 with CID 10190
- CIS Benchmark Policy for Apache Tomcat
- Policy re-release for regular expression update on Tomcat CIS Policy.
- The affected policies are,
- Apache Tomcat 8.x, CIS Benchmark for Apache Tomcat 8, v1.1.0
- Apache Tomcat 8.x, CIS Benchmark for Apache Tomcat 8, v1.0.1
- Apache Tomcat 9.x, CIS Benchmark for Apache Tomcat 9, v1.2.0
- Apache Tomcat 10.x, CIS Benchmark for Apache Tomcat 10, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC V2R8
- Policy re-release DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS V2R8
- Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS V2R8.
- DISA Microsoft Windows 10 STIG – Ver 2, Rel 8
- Policy re-release for DISA Microsoft Windows 10 STIG – Ver 2, Rel 8.
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R11
- Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R11.
- Update the cardinality in the following controls:22999, 23003, 16254, 20618.
- Microsoft Security Baseline for Windows 11 version 22H2 policy
- Policy re-release for Microsoft Security Baseline for Windows 11 version 22H2 policy with a regular expression updated for CID 3923.
- Windows 11 and Windows Server 2022 support PCI-DSS (Payment Card Industry Data Security Standard) v3.2.1
- Policy re-release to add Windows 11 and Windows Server 2022 support to PCI-DSS (Payment Card Industry Data Security Standard) v3.2.1.
Coming Next Month
- CIS Apple macOS 13.0 Ventura Benchmark v 2.0.0
- CIS Apple macOS 14.0 Sonoma v1.0.0
- CIS Microsoft Intune for Windows 11 Benchmark v2.0.0
- CIS Microsoft Intune for Windows 10 Benchmark v2.0.0
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX V2R5
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R4
- IANS Windows 11 Hardening Benchmark
- Security Configuration and Compliance Policy for Scientific Linux 7.x
- Safeguards Computer Security Evaluation Matrix for Oracle Database
- Safeguards Computer Security Evaluation Matrix for Palo Alto Firewall
The following policies and updates are currently planned for release to the policy library next month:
If you have any questions, please contact your TAM or Technical Support. See all library updates.
