Policy Compliance Library Updates, May 2024
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). This equips them with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfiguration and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
It typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below are the number of policies and mandates deployed in May 2024:
| CIS Benchmark Policies | 18 |
| DISA STIG Policy | 11 |
| Industry Best Practices Policy | 2 |
| New Supported Mandates | 1 |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | • CIS Benchmark for RedHat OpenShift Container Platform, v1.5.0 • CIS Benchmark for Apache Tomcat 10, v1.1.0 • CIS Apple macOS 11.0 Big Sur Benchmark v4.0.0 • CIS Benchmark for MacOS Safari, v2.0.0 • CIS Benchmark for Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE), v1.4.0 • CIS Benchmark for Google Kubernetes Engine (GKE), v1.5.0 • CIS Benchmark for Azure Kubernetes Service (AKS), v1.4.0 • CIS Benchmark for Oracle Solaris 11.4, v1.1.0 • CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0 • CIS Benchmark for Microsoft Windows Server 2022, v3.0.0 • CIS Benchmark for PostgreSQL 14, v1.2.0 • CIS Kubernetes Benchmark, v1.9.0 • CIS Benchmark for VMware ESXi 7.0, V1.4.0 • CIS Benchmark for Microsoft SQL Server 2022, v1.1.0 • CIS Benchmark for VMware ESXi 8.0, V1.1.0 • CIS Benchmark for Cisco IOS XE 17.x, v2.1.0 • CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 • CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0 |
| DISA STIG Policies | • DISA Security Technical Implementation Guide (STIG) for Apple macOS 13 (Ventura), V1R3 • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R11 • DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 8, V1R1 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R5 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS,V2R7 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R7 • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R9 • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R9 • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13 • DISA Security Technical Implementation Guide (STIG) for Google Chrome,V2R9 • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide, V2R7 |
| Industry and Best Practices Policies | • PCI-DSS (Payment Card Industry Data Security Standard) v4.0 – Linux • Qualys S&C Policy for Aruba EdgeConnect OS 9.x |
| New Supported Mandates | • The Australian Signals Directorate – The Essential 8 Strategies (ASD 8) November 2023 |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Mac OS 14 v1.0.0 | Policy re-releases to remove CID 20303 and change cardinality for CID 25363 in CIS Mac OS 14 v1.0.0. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Policy re-release to change cardinality CID 9706, 9713 in RHEL 8 v3.0.0. |
| CIS Benchmark for Microsoft Windows Server 2016 STIG, v2.0.0 | Policy re-release of CIS Benchmark for Microsoft Windows Server 2016 STIG, v2.0.0. The affected control is 8249. |
| Password Policy Best Practices for Windows | Policy re-release for Password Policy Best Practices for Windows. |
| DISA STIG for Apache 2.4 Server for UNIX, V2R6 | Policy re-release for DISA STIG for Apache 2.4 Server for UNIX, V2R6 |
| CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0 | Policy re-release CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0 |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R7 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R7 |
| DISA STIG for Microsoft Internet Explorer 11, V2R3 | Policy re-release for DISA STIG for Microsoft Internet Explorer 11, V2R3. There are changes in CID: 25712. CID 24764 is removed. There are changes in regex, 12120, 12121, 12122, 12111, 12112, 12113, 12117, 12118,12119, 12126, 12127, 12128, 12108, 12109, 12110, 12114, 12115, 12116 |
| CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0. |
| DISA STIG for Mozilla Firefox, V6R5 | Policy re-release for changes in CID: 13888, 24378, 24390, 24396 |
| Microsoft Security Baseline for Windows 11 Version 23H2 | Policy re-release to add the missing control in Microsoft Security Baseline for Windows 11 Version 23H2 |
| DISA IIS 8.5 Server and DISA 10 server | Policy re-release for DISA IIS 8.5 Server and DISA 10 server. The affected policies are DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5, DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8. |
| Bottlerocket CIS policy | Policy re-release for a regex update in CID 27455. The affected policies are CIS Benchmark for Bottlerocket Benchmark, v1.0.0, CIS Benchmark for Bottlerocket Benchmark, v1.0.0. |
| DISA STIG Win 11 V1R2 | Policy re-release for DISA STIG Win 11 V1R2 |
| DISA STIG Win 10 V2R8 | Policy re-release for DISA STIG Win 10 V2R8 |
| CIS Benchmark for Apple macOS 13 Ventura v2.0.0 | Policy re-release for regix fix for CID 13895, 13937 |
| CIS Benchmark for Ubuntu Linux 22.04 LTS, v1.0.0 | Policy re-release for CIS Benchmark for Ubuntu Linux 22.04 LTS, v1.0.0 |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- Qualys S&C Policy for Azure Database for PostgreSQL
- DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V2R1
- DISA Fortinet Fortigate Firewall STIG – Ver 1, Rel 3
- Security configuration and compliance policy for IBM Informix 14.x
- Security configuration and compliance policy for Neo4j Enterprise Edition 5.9.0
- Security configuration and compliance policy for Fedora 38
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS-XE Switch NDM, V2R8
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS-XE Switch L2S, V2R5
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Database
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Network
- CIS Debian Linux 12 Benchmark v1.0.1
- CIS Microsoft Windows Server 2019 Benchmark v3.0.0
- CIS VMware ESXi 6.7 Benchmark v1.4.0
- Active Directory Misconfiguration Risk Assessment
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC , V3R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS , V3R7
- CIS PostgreSQL 13 Benchmark v1.2.0
- NERC-CIP for Linux
- DISA Security Technical Implementation Guide (STIG) for Oracle Linux 6 STIG, V2R7
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R8
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R8
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V2R4
- CIS Cisco ASA 9.x Firewall Benchmark v1.1.0
- CIS Fortigate 7.0.x Benchmark v1.3.0
- Qualys S&C Policy for Kali GNU/Linux 2023.x
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS-XE Switch RTR, V2R5
- CIS Azure Kubernetes Service (AKS) Benchmark v1.5.0
- CIS Microsoft Windows Server 2016 Benchmark v3.0.0
- CIS Microsoft Windows 10 Stand-alone Benchmark v3.0.0
- Security and configuration policy for password best practices for Linux
- CIS Microsoft Windows 11 Benchmark v3.0.0 -Portuguese language
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.5.0
- CIS Oracle Cloud Infrastructure Container Engine for Kubernetes(OKE) Benchmark v1.5.0
- CIS Benchmark for Microsoft SQL Server 2019, v1.3.0
Learn More
Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.
