Policy Compliance Library Updates, June 2024
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). This equips them with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfiguration and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
It typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below are the number of policies and mandates deployed in June 2024:
| CIS Benchmark Policies | 11 |
| DISA STIG Policy | 15 |
| Industry Best Practices Policy | 4 |
| New Supported Mandates | 1 |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | • CIS Benchmark for Debian Linux 12, v1.0.1 • CIS Benchmark for Microsoft Windows Server 2019, v3.0.0 • CIS Benchmark for VMware ESXi 6.7, v1.4.0 • CIS Benchmark for PostgreSQL 13, v1.2.0 [Automated and Manual Level 1] • CIS Benchmark for Cisco Firewall ASA 9.x, v1.1.0 • CIS Benchmark for Fortigate 7.0.x, v1.3.0 • CIS Benchmark for Azure Kubernetes Service (AKS), v1.5.0 • CIS Benchmark for Microsoft Windows Server 2016, v3.0.0 • CIS Benchmark for Microsoft Windows 10 Stand-alone, v3.0.0 • CIS Benchmark for Microsoft SQL Server 2019, v1.4.0 • CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0 [Automated and Manual, All Profiles] – Portuguese |
| DISA STIG Policies | • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R8 • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V2R5 • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R8 • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R8 • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V2R4 • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 6, V2R7 • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V2R5 • DISA Security Technical Implementation Guide (STIG) for Active Directory Forest, V2R8 • DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R4 • DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R4 • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R3 |
| Industry and Best Practices Policies | • Security Configuration and Compliance Policy for Red Hat Fedora • Security Configuration and Compliance Policy for Kali Linux 2023.x • Qualys Security Configuration and Compliance Policy for Windows Active Directory • Qualys policy for VMWare vRealize Operations Manager 8.x |
| New Supported Mandates | • NIST Special Publication 800-171 Rev. 3 |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Policy for Oracle 12c Multitenant | Policy re-release for CIS policy for Oracle 12c Multitenant. |
| CIS Policy for IBM DB2 11.x v1.1.0 | Policy re-release for CIS policy for IBM DB2 11.x v1.1.0 controls. |
| CIS Oracle Enterprise Linux 8.x v3.0.0 | Policy re-release for CIS Oracle Enterprise Linux 8.x v3.0.0. |
| CIS Amazon Linux 2023 Benchmark v1.0.0 | Policy re-release for CIS Amazon Linux 2023 Benchmark v1.0.0. |
| Regex Update required for control 10810 | Policy re-release to update regular expression required for control 10810. |
| Remove CID 8887 and change the regex for 26968 in CIS Mac OS 14 v1.0.0 | Policy re-release to remove CID 8887 and change the regular expression for 26968 in CIS Mac OS 14 v1.0.0. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13. |
| DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series L2S, V1R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series L2S, V1R2. |
| DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series RTR, V1R3 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series RTR, V1R3. |
| DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 7.0, V1R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 7.0, V1R2. |
| DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R2. |
| DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6. |
| Add Missing technology in Apache policies | Policy re-releases to add mission technologies in Apache policies. |
| Fixing Issue with the Oracle HTTP Web Server Policy creation | Policy re-release to fix the issue with Oracle. |
| CIS Alma Linux 9 v1.0.0 | Policy re-release to replace CID 17169 with CID 25465 and CID 17170 with 25466 in the Alma Linux 9 v1.0.0 Policies. |
| CIS Red Hat Enterprise Linux8 v3.0.0. | Policy re-release to fix the regular expression for CID 9711 in CIS RHEL 8 v3.0.0. In addition, to change the regular expression for CID 20632 and CID 20881 in CIS Red Hat Enterprise Linux8 v3.0.0. |
| CIS Benchmark for Ubuntu Linux 20.04, v2.0.1 | Policy re-release to correct regular expression for CID 23776. for CIS Benchmark for Ubuntu Linux 20.04, v2.0.1. |
| CIS Benchmark for Microsoft Exchange Server 2019, v1.0.0 | Policy re-release for CIS Benchmark for Microsoft Exchange Server 2019, v1.0.0. |
| CIS Benchmark for Mozilla Firefox 102 ESR, v1.0.0 | Policy re-release for CIS Benchmark for Mozilla Firefox 102 ESR, v1.0.0. |
| DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R9 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R9. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R7 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R7. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R8 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R8. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R8 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R8. |
| DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6. |
| DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R8 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R8. |
| CIS polciy for Oracle 18c Multitenant | Policy re-release for CIS polciy for Oracle 18c Multitenant |
| CIS Benchmark for Cisco NX-OS, V1.1.0 | Policy re-release for CIS Benchmark for Cisco NX-OS, V1.1.0 |
| CIS Red Hat Enterprise Linux 9 v1.0.0 | Policy re-release for CIS Red Hat Enterprise Linux 9 v1.0.0 |
| CIS Windows Server 2016 v3.0.0 | Policy re-release for CIS Windows Server 2016 v3.0.0 |
| CIS Windows Server 2019 v3.0.0 | Policy re-release for CIS Windows Server 2019 v3.0.0. |
| CIS Windows 10 enterprise v3.0.0 | Policy re-release to add LAPS controls in CIS Windows 10 enterprise v3.0.0. |
| CIS Windows 11 enterprise v3.0.0 policy | Policy re-release for CIS Windows 11 enterprise v3.0.0 policy. |
| CIS Benchmark for Oracle Linux 9, v1.0.0 | Policy re-release to the cid:17669 to the cid: 26400. |
| CIS IBM WebSphere Liberty Benchmark v1.0.0 | Policy re-release for CIS IBM WebSphere Liberty Benchmark v1.0.0. |
| DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V2R1 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V2R1. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- Qualys S&C Policy for Azure Database for PostgreSQL
- DISA Fortinet Fortigate Firewall STIG – Ver 1, Rel 3
- Add support for Oracle 23c Technology
- Security configuration and compliance policy for Virtuzzo Linux 9
- CIS PostgreSQL 16 Benchmark v1.0.0
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Database
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Network
- CIS ISC BIND DNS Server 9.11 Benchmark v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9.
- DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V2R1.
- CIS Debian Linux 11 Benchmark v2.0.0
- NERC-CIP for Linux
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R6
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R5
- Security and configuration policy for password best practices for Linux
- CIS Google Container-Optimized OS Benchmark v1.2.0
- CIS Google Kubernetes Engine (GKE) Benchmark v1.6.0
- NIST 800-171 Rev 2 Policy for Network
- NIST 800-171 Rev 2 Policy for Linux
- NIST 800-171 Rev 2 Policy for Windows
- NIST 800-171 Rev 2 Policy for macOS
- NIST 800-171 Rev 2 Policy for VMware
- CIS Microsoft Windows 10 EMS Gateway Benchmark v3.0.0
- CIS Microsoft Windows 11 Stand-alone Benchmark v3.0.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R8
- DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 7, V1R2
- NERC-CIP for Linux
Learn More
Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.
