Policy Compliance Library Updates, December 2023

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies. The second update, released by the end of the month, includes bug fixes and updated policies.

The December release includes eight CIS Benchmark Policies, three DISA STIG Policies, four Industry Best Practices Policies, and eight IRS SCSEM Policies. It also deprecates some of the existing policies. 

Qualys’ Certification Page at CIS has been updated.

CIS Benchmark Policies

  • CIS Apple macOS 13.0 Ventura Benchmark v2.0.0
  • CIS Benchmark for Palo Alto Firewall 11, v1.0.0
  • CIS Benchmark for Apple macOS 14 Sonoma, v1.0.0
  • CIS Benchmark for VMware ESXi 7.0, V1.3.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise, v2.0.0
  • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
  • CIS Microsoft Intune for Windows 11 Benchmark, v2.0.0
  • CIS Microsoft Intune for Windows 10 Benchmark, v2.0.0

DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 13 (Ventura), V1R2
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R4

IRS SCSEM Policies

  • Safeguard Computer Security Evaluation Matrix for Oracle 18c on Linux host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 12c on Linux host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 19c on Linux host, v4.3
  • Safeguards Computer Security Evaluation Matrix for Palo Alto Firewall 9.x, v6.0
  • Safeguards Computer Security Evaluation Matrix for Palo Alto Firewall 10.x, v6.0
  • Safeguard Computer Security Evaluation Matrix for Oracle 18c on Windows Host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 12c on Windows Host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 19c on Windows Host, v4.3

Industry and Best Practices Policies

  • IANS Windows 11 Hardening Guide Policy
  • Security Configuration and Compliance Policy for Cisco APIC 5.x
  • Security Configuration and Compliance Policy for Scientific Linux 7.x
  • Security Configuration and Compliance Policy for IBM VIOS 3.x

Deprecated Policies 

Operating System

  • CIS Microsoft Intune for Windows 11 Benchmark, v1.0.0 
  • CIS Microsoft Intune for Windows 10 Benchmark, v1.1.0
  • CIS Microsoft Intune for Windows 10 Benchmark, v2.0.0 
  • CIS Microsoft Intune for Windows 11 Benchmark, v2.0.0
  • CIS Benchmark for Apple macOS 13.0 Ventura, v1.0.0  
  • Security Configuration and Compliance Policy for macOS 14 Sonoma

Application

  • CIS Benchmark for VMware ESXi 7.0, V1.2.0 
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R3

Policy Updates

  • CIS Microsoft Intune for Windows 10 Benchmark, v2.0.0
    • Policy re-release for CIS Microsoft Intune for Windows 10 Benchmark, v2.0.0
  • CIS Microsoft Intune for Windows 11 Benchmark, v2.0.0 
    • Policy re-release for CIS Microsoft Intune for Windows 11 Benchmark, v2.0.0 
  • CIS Benchmark for Apple macOS 13 Ventura, v2.0.0
    • Policy re-release for CIS Benchmark for Apple macOS 13 Ventura, v2.0.0
  • CIS Benchmark for Apache HTTP Server 2.4, v2.1.0
    • Policy re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.1.0 to add CID 25769
  • CIS Benchmark for Microsoft Windows 10 Enterprise, v1.12.0
    • Policy re-release for CIS Benchmark for Microsoft Windows 10 Enterprise, v1.12.0
  • CIS Benchmark for Cisco NX-OS, V1.0.0
    • Policy re-release for CIS Benchmark for Cisco NX-OS, V1.0.0
  • Compensatory Controls for CVEs
    • Policy re-release for Compensatory Controls for CVEs
  • Updated Regular Expression for 21452 in the following policies
    • CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0
    • CIS Benchmark for Alibaba Cloud Linux 3, v1.0.0
    • CIS Benchmark for Amazon Linux 2023, v1.0.0
    • CIS Benchmark for Debian Linux 10, v2.0.0
    • CIS Benchmark for Debian Linux 11, v1.0.0
    • CIS Benchmark for Alma Linux 9, v1.0.0
    • CIS Benchmark for Rocky Linux 9, v1.0.0 
    • CIS Benchmark for Ubuntu Linux 20.04, v2.0.1
    • CIS Benchmark for Ubuntu Linux 22.04
    • CIS Benchmark for Oracle Linux 9, v1.0.0
  • Updated the control Regular Expression for 20597, 20598, 20599, 20600, 20601, 20603 in the following policies
    • CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0
    • CIS Benchmark for Alibaba Cloud Linux 3, v1.0.0
    • CIS Benchmark for Amazon Linux 2023, v1.0.0
    • CIS Benchmark for Debian Linux 10, v2.0.0
    • CIS Benchmark for Debian Linux 11, v1.0.0
    • CIS Benchmark for Alma Linux 9, v1.0.0
    • CIS Benchmark for Rocky Linux 9, v1.0.0 
    • CIS Benchmark for Ubuntu Linux 20.04, v2.0.1
    • CIS Benchmark for Ubuntu Linux 22.04
    • CIS Benchmark for Oracle Linux 9, v1.0.0
  • Updated the regular expression fix for Ransomware policy for control 5241
    • CIS Benchmark for Microsoft Windows Server 2016 STIG, v1.2.0
    • CIS Benchmark for Microsoft Windows Server 2019 STIG, v1.1.0
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R8
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R8
    • DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R8
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2022 DC, V1R1
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2022 MS, V1R1
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 non-R2 DC, V6R47
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 non-R2 MS, V6R46
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R34
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R33
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R5
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5
    • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V2R1 
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V2R1 
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V1R1 
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V1R1 
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R5 
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R5.
  • Security Configuration and Compliance Policy for Redis
    • Policy re-release for Security Configuration and Compliance Policy for Redis

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

  • CIS IBM AIX 7.2 Benchmark v1.1.0
  • CIS Microsoft SQL Server 2016 Benchmark v1.4.0
  • CIS Microsoft SQL Server 2017 Benchmark v1.3.0
  • CIS Microsoft Edge Benchmark v2.0.0
  • CIS Red Hat Enterprise Linux 8 Benchmark v3.0.0
  • CIS VMWare ESXi 8.0 Benchmark v1.0.0
  • CIS Windows 10 Enterprise v.2.0.0 for German language
  • DISA STIG Cisco ASA VPN, V1R1
  • Security Configuration and Compliance Policy for TeraData
  • Security Configuration and Compliance Policy for Extreme Networks ERS 5.x
  • Safeguards Computer Security Evaluation Matrix for Cisco Switches
  • Safeguards Computer Security Evaluation Matrix for Cisco ASA Firewall (SCSEM Version: 6.0)
  • PCI-DSS Version 4 Controls Policy for Windows

If you have any questions, please contact your TAM or Technical Support.  See all library updates.  
