Policy Compliance Library Updates, February 2024

Kanchan Yewale

Last updated on: March 1, 2024

Qualys’ library of built-in policies makes it easy to comply with the most used and adhered-to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

To keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library twice every month. The first update contains new policies and is released in the first week of each month, followed by the second update by the end of the month, which includes bug fixes and updated policies. 

The February release includes eight CIS Benchmark Policies, two DISA STIG Policies, six Industry Best Practices Policies, two New Supported Mandates, and five IRS SCSEM Policies. It also deprecates some of the existing policies.

Qualys’ Certification Page at CIS has been updated.  

CIS Benchmark Policies

  • CIS Benchmark for Cisco IOS XR 7.x, v1.0.0
  • CIS Benchmark for Fortigate 7.0.x, v1.2.0
  • CIS Benchmark for Oracle Linux 8, v3.0.0
  • CIS Benchmark for Microsoft Windows Server 2016 STIG, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2022 STIG, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2019 STIG, v2.0.0
  • CIS Benchmark for Amazon Elastic Kubernetes Service (EKS), v1.4.0
  • CIS Microsoft Windows Server 2012 R2 Benchmark v3.0.0

DISA STIG Policies

  • DISA STIG for Red Hat Enterprise Linux 9, V1R2
  • DISA STIG for SUSE Linux Enterprise 12.x, V2R13

IRS SCSEM Policies

  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2014, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2016, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2017, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2019, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2022, v5.0

Industry and Best Practices Policies

  • Security Configuration and Compliance Policy for Teradata
  • Security Configuration and Compliance Policy for Kali Linux 2022.x
  • Security Configuration and Compliance Policy for Symantec SGOS 7.x
  • Security Configuration and Compliance Policy for Red Hat JBoss Enterprise Application Platform (EAP) 7.x
  • Top 10 ATT&CK Techniques Ransomware Policy for Windows
  • MITRE ATT&CK Enterprise Framework v14 for Microsoft Windows

New Supported Mandates

  • SWIFT Customer Security Controls Framework – Customer Security Programme v2024
  • The NIST Cybersecurity Framework (CSF) 2.0

Deprecated Policies 

Operating System

  • CIS Benchmark for Oracle Linux 8, v2.0.0 
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.6.0
  • CIS Benchmark for Microsoft Windows Server 2016 STIG, v1.2.0
  • CIS Benchmark for Microsoft Windows 2019 STIG, v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V2R9
  • MITRE ATT&CK Enterprise Framework v8 for Microsoft Windows

Application

  • CIS Benchmark for Amazon Elastic Kubernetes Service (EKS), v1.2.0

Policy Updates

  • CIS Cisco NXOS v1.0.0
    • Policy re-release to add missing section 3.1.4.3 in CIS Cisco NXOS v1.0.0.
  • CIS RHEL 8 v3.0.0
    • Policy re-release to add 26735, 26743, 26747, 26739, 18715, 25368, 12881 CIDs.
  • CIS Benchmark for Palo Alto Firewall 10, v1.1.0
    • Policy re-release to add missing CID for CIS Benchmark for Palo Alto Firewall 10, v1.1.0.
  • CIS Benchmark for Microsoft Windows 11 Stand-alone, v2.0.0
    • Policy re-release to update regular expressions for CIS Benchmark for Windows 11 with CID 10475.
  • CIS IBM AIX 7.1 Benchmark, v2.1.0
    • Policy re-release to update regular expression in CID 3947.
  • CIS MacOS 14 v1.0.0
    • Policy re-release to update regular expression in CID 21414.
  • CIS Benchmark for Amazon Linux 2, v2.0.0
    • Policy re-release for updates in CID 7371, 17275, 7413 in CIS Benchmark for Amazon Linux 2, v2.0.0 policy.
  • CIS Benchmark for Amazon Linux 2023, v1.0.0
    • Policy re-release for updates in CIDs 9710 and 9711 in CIS Benchmark for Amazon Linux 2023, v1.0.0 policy.
  • CIS Benchmark for CentOS Linux 7, v3.1.2
    • Policy re-release for updating ‘File not found’ in CID 9349, 9350, and 12753 in CIS CentOS 7 policy.
  • CIS Benchmark for Google Chrome, v2.1.0
    • Policy re-release to update the cover page for CIS Benchmark for Google Chrome v2.1.0.
  • DISA STIG for Windows Server 2022, V1R1
    • Policy re-release for DISA STIG for Windows Server 2022, V1R1.
  • Red Hat Enterprise Linux 8 v3.0.0
    • Policy re-release to replace CID 1067 with 4213
  • Updated data type for control 7820
    • CIS Benchmark for Apache HTTP Server 2.4, v2.1.0
    • CIS Benchmark for Apache HTTP Server 2.2, v3.6.0
    • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0
    • DISA Security Technical Implementation Guide (STIG) for Apache 2.2 Server for UNIX, V1R11
    • US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Applications
  • Updated data type for control 7821
    • CIS Benchmark for Apache HTTP Server 2.4, v2.1.0
    • DISA Security Technical Implementation Guide (STIG) for Apache 2.2 Server for UNIX, V1R11
    • US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 1 for Applications

Upcoming Policies

We plan to release the following policies and updates next month:

  • DISA NetApp ONTAP DSC 9.x STIG, Ver 1, Rel 3
  • Security Configuration and Compliance Policy for Microsemi SyncServer 5.x
  • Security Configuration and Compliance Policy for OmniSwitch AOS 6.x
  • Security Configuration and Compliance Policy for Arista MOS
  • Security Configuration and Compliance Policy for CBL Mariner v2.0
  • CIS Bottlerocket Benchmark v1.0.0
  • DISA VMware vSphere 7.0 vCenter V1R2
  • CIS IBM AIX 7.2 Benchmark v1.1.0
  • CIS Kubernetes Benchmark v1.8.0
  • CIS AlmaLinux OS 8 Benchmark v3.0.0
  • CIS Rocky Linux 8 Benchmark v2.0.0
  • CIS Oracle MySQL Community Server 8.0 Benchmark v1.0.0
  • CIS MongoDB 5 Benchmark v1.2.0
  • CIS MongoDB 6 Benchmark v1.1.0
  • CIS PostgreSQL 15 Benchmark v1.1.0
  • CIS Microsoft Windows Server 2019 Stand-alone v1.0.0
  • CIS Oracle Database 19c Benchmark v1.2.0
  • CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0
  • Safeguards Computer Security Evaluation Matrix for Windows 10
  • Safeguards Computer Security Evaluation Matrix for Windows 11
  • DISA Oracle Linux 7 STIG – Ver 2, Rel 14
  • DISA Red Hat Enterprise Linux 7 STIG – Ver 3, Rel 14
  • DISA Red Hat Enterprise Linux 8 STIG – Ver 1, Rel 13
  • DISA SUSE Linux Enterprise Server 15 STIG – Ver 1, Rel 12
  • DISA Canonical Ubuntu 18.04 LTS STIG – Ver 2, Rel 13
  • CIS Cisco NX-OS v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2022, V1R4
  • DISA Oracle Linux 8 STIG – Ver 1, Rel 9

If you have any questions, please contact your TAM or Technical Support.  See all library updates.  
