Policy Compliance Library Updates, January 2024

Kanchan Yewale

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update, released in the first week of each month, contains new policies; the second update, released by the end of the month, includes bug fixes and updated policies.

The January release includes seven CIS Benchmark policies, one DISA STIG policy, one Industry Best Practices policy, five new supported mandates, and five IRS SCSEM policies. It also deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated.

CIS Benchmark Policies

  • CIS Benchmark for Microsoft SQL Server 2016, v1.4.0
  • CIS Benchmark for Microsoft SQL Server 2017, v1.3.0
  • CIS Benchmark for Microsoft Edge, v2.0.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise, v2.0.0 [Automated and Manual, All Profiles], German
  • CIS Benchmark for Palo Alto Firewall 9, v1.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0
  • CIS Benchmark for VMware ESXi 8.0, v1.0.0

DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA VPN, V1R3

IRS SCSEM Policies

  • Safeguard Computer Security Evaluation Matrix for Cisco Firewall ASA 9.x, v6.0
  • Safeguard Computer Security Evaluation Matrix for Cisco IOS 15, v6.2
  • Safeguard Computer Security Evaluation Matrix for Cisco IOS 16, v6.2
  • Safeguard Computer Security Evaluation Matrix for Cisco IOS 17, v6.2
  • Safeguard Computer Security Evaluation Matrix for Cisco NX-OS, v6.2

Industry and Best Practices Policies

  • PCI-DSS (Payment Card Industry Data Security Standard) v4.0 – Windows

New Supported Mandates

  • Federal Risk and Authorization Management Program (FedRAMP L) – Low-Security Baseline Rev. 5
  • Federal Risk and Authorization Management Program (FedRAMP M) – Moderate Security Baseline Rev. 5
  • Federal Risk and Authorization Management Program (FedRAMP H) – High-Security Baseline Rev. 5
  • Federal Risk and Authorization Management Program (FedRAMP LI-SaaS) – LI-SaaS Security Baseline Rev. 5
  • ISO/IEC 27001:2022 Third edition 2022-10

Deprecated Policies

Network Devices

  • CIS Benchmark for Palo Alto Firewall 9, v1.0.1

Database

  • CIS Benchmark for Microsoft SQL Server 2016, v1.3.0
  • CIS Benchmark for Microsoft SQL Server 2017, v1.2.0

Operating System

  • CIS Benchmark for Red Hat Enterprise Linux 8, v2.0.0

Application

  • CIS Benchmark for Microsoft Edge, v1.1.0
  • Security Configuration and Compliance Policy for VMware ESXi 8.x

Policy Updates

  • Best Practice Controls for Malware/Ransomware Prevention
    • Policy re-release for Best Practice Controls for Malware/Ransomware Prevention.
  • CIS Benchmark for Red Hat Enterprise Linux 7, v3.1.1
    • Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v3.1.1.
  • CIS Benchmark for Oracle Database 12c on Linux host, v3.0.0
    • Policy re-release for CIS Benchmark for Oracle Database 12c on Linux host, v3.0.0.
  • CIS Benchmark for Oracle Database 12c on Windows server host, v3.0.0
    • Policy re-release for CIS Benchmark for Oracle Database 12c on Windows server host, v3.0.0.
  • CIS Benchmark for Apple macOS 13 Ventura, v2.0.0
    • Policy re-release for CIS Benchmark for Apple macOS 13 Ventura, v2.0.0.
  • CIS Benchmark for Microsoft Windows 11 Enterprise, v2.0.0
    • Policy re-release for CIS Benchmark for Microsoft Windows 11 Enterprise, v2.0.0.
  • CIS Benchmark for Oracle Database 18c on Linux host, v1.1.0
    • Policy re-release for CIS Benchmark for Oracle Database 18c on Linux host, v1.1.0.
  • CIS Benchmark for Oracle Database 18c on Windows host, v1.1.0
    • Policy re-release for CIS Benchmark for Oracle Database 18c on Windows host, v1.1.0.
  • CIS Benchmark for Oracle Database 19c on Linux host, v1.1.0
    • Policy re-release for CIS Benchmark for Oracle Database 19c on Linux host, v1.1.0.
  • CIS Benchmark for Oracle Database 19c on Windows host, v1.1.0
    • Policy re-release for CIS Benchmark for Oracle Database 19c on Windows host, v1.1.0.
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V2R6
    • Policy re-release for DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V2R6.
  • CIS Regular Expression
    • Policy re-release for CIS regular expression 8 v3.0.0.
  • CIS Benchmark for Apache Tomcat 6.0, v1.0.0
    • Policy re-release to fix the regular expression for CID 9563.
  • CIS Benchmark for Apache Tomcat 7, v1.1.0
    • Policy re-release to fix the regular expression for CID 9563.
  • CIS Benchmark for Apache Tomcat 8, v1.1.0
    • Policy re-release to fix the regular expression for CID 9563.
  • CIS Benchmark for Apache Tomcat 10, v1.0.0
    • Policy re-release to fix the regular expression for CID 9563.
  • CIS AIX 7.2 policy
    • Policy re-release for the CIS AIX 7.2 policy.
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R11
    • Policy re-release to fix the regular expression for CID 20540.
  • Data type update for CID 7821
    • Policy re-release to update the data type for control 7821.
  • Update for CID 7820
    • Policy re-release to update the data type for control 7820.

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

  • CIS Fortigate 7.0.x Benchmark v1.2.0
  • CIS Rocky Linux 8 Benchmark v2.0.0
  • CIS Oracle Linux 8 Benchmark v3.0.0
  • CIS Cisco IOS XR 7.x v1.0.0
  • CIS Microsoft Windows Server 2012 R2 Benchmark v3.0.0
  • CIS Microsoft Windows Server 2016 STIG Benchmark v2.0.0
  • CIS Microsoft Windows Server 2022 STIG v1.0.0
  • CIS Microsoft Windows Server 2019 STIG v2.0.0
  • MITRE ATT&CK Enterprise Framework v14 for Microsoft Windows
  • Payment Card Industry Data Security Standard (PCI-DSS) v4.0 Policy for Linux
  • Ransomware top ten ATT&CK techniques
  • Safeguards Computer Security Evaluation Matrix for SQL Server
  • Security Configuration and Compliance Policy for Teradata
  • Security Configuration and Compliance Policy for Kali Linux 2022
  • Security Configuration and Compliance Policy for Symantec SGOS 7.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.
