Policy Compliance Library Updates, July 2024
Last updated on: August 7, 2024
Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. It includes a wide range of policies, many of them CIS-certified, along with security guidelines from OS and application vendors and other industry best practices. Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks are consensus-developed technical configuration guidelines that organizations use to improve their security posture by aligning systems with recommended secure configurations. Applying these industry best practices reduces exposure to attacks such as data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, a set of configuration standards published by the Defense Information Systems Agency (DISA). STIG policies give organizations the means to adhere to the relevant rules, regulations, best practices and federal laws, facilitating compliance and strengthening their security posture.
Qualys Policies
Qualys tracks the discovery and resolution of technical issues and maintains robust policy frameworks around them. Qualys researchers actively identify security misconfigurations and publish technical policies that harden systems and safeguard them against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines and metrics for measuring aspects of security such as confidentiality, integrity, availability and compliance.
Compliance Standards
Compliance standards are regulatory frameworks for safeguarding sensitive data and ensuring its privacy and security. They offer guidelines and best practices that organizations follow to achieve compliance and mitigate the risks of handling sensitive information.
New Policies/Mandates
The number of policies and mandates deployed in July 2024:

| Category | Count |
| --- | --- |
| CIS Benchmark Policies | 5 |
| DISA STIG Policies | 5 |
| Industry Best Practices Policies | 1 |
| New Supported Mandates | 2 |
The newly published policies and mandates:

| Category | Policies and mandates |
| --- | --- |
| CIS Benchmark Policies | • CIS Benchmark for ISC BIND DNS Server 9.11, v1.0.0 • CIS Benchmark for Cisco NX-OS 4.x, 5.x, 6.x & 7.x, v1.1.0 • CIS Benchmark for Cisco NX-OS 8.x, v1.1.0 • CIS Benchmark for Cisco NX-OS 9.x, v1.1.0 • CIS Benchmark for Cisco NX-OS 10.x, v1.1.0 |
| DISA STIG Policies | • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R6 • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R5 • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R8 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R5 • DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R8 |
| Industry and Best Practices Policies | • Security Configuration and Compliance Policy for Azure Database for PostgreSQL |
| New Supported Mandates | • Microsoft Cloud Security Benchmark v1 • CIS Controls Version 8.1 |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM process.
| Policy | Update |
| --- | --- |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V1R4 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS, V1R4 | Policy re-release. |
| CIS Benchmark for Docker, v1.6.0 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R4 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for F5 BIG-IP 11.x AFM, V1R1 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for F5 BIG-IP 11.x Device Management, V2R1 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for F5 BIG-IP 11.x Local Traffic Manager, V2R1 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R2 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2016, V1R1 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016, V1R2 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft PowerPoint 2016, V1R1 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Access 2016, V1R1 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R8 | Policy re-release. |
| CIS Mozilla Firefox 102 ESR Benchmark v1.0.0 | Policy re-release. |
| CIS Cisco IOS XR 7.x | Policy re-release. |
| CIS Benchmark for Apple macOS 14 Sonoma, v1.0.0 | Policy re-release to fix the regular expressions for CIDs 25011, 25012, 25013, 25363 and 24996, and a further re-release to remove CID 26967. |
| CIS RHEL 8 v3.0.0 | Policy re-release to fix CIDs 18164, 3558, 15949 and 17275. |
| CIS Benchmark for Microsoft SQL Server 2019, v1.4.0 | Policy re-release. |
| CIS Benchmark for Amazon Linux 2023, v1.0.0 | Policy re-release to fix the regular expression for CID 9711. |
| CIS Windows Server 2022 Benchmark v3.0.0 | Policy re-release. |
| DISA F5 BIG-IP 17 | Policy re-release. |
| Security Configuration and Compliance Policy for IBM WebSphere 8.x and JBoss EAP 7.x | Policy re-release to add a missing control. |
| CIS RHEL 9 v1.0.0 | Policy re-release to fix the regular expression for CID 13376. |
| OEL 8 v3.0.0 | Policy re-release to fix the regular expression for CID 17157. |
| CIS Apple macOS 13 Ventura v2.0.0 | Policy re-release to fix the regular expressions for multiple CIDs. |
| CIS Ubuntu Linux 20.04, v2.0.1 | Policy re-release to change the regular expressions for several CIDs. |
| CIS Benchmark for Bottlerocket, v1.0.0 | Policy re-release to change the regular expression in CID 27455. |
| CIS Benchmark for Cisco NX-OS, v1.1.0 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R8 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R8 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 7, V1R2 | Policy re-release. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13 | Policy re-release. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- Security Configuration and Compliance Policy for Virtuozzo Linux 9
- DISA Cisco NX-OS Switch RTR STIG V2R3
- CIS MongoDB 7 Benchmark v1.0.0
- CIS PostgreSQL 16 Benchmark v1.0.0
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Database
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Network
- NERC-CIP for Linux
- Security Configuration and Compliance Policy for Linux password best practices
- DISA Security Technical Implementation Guide (STIG) for Splunk Enterprise 8.x for Linux, V1R5
- CIS Microsoft Windows 10 EMS Gateway Benchmark v3.0.0
- CIS Microsoft Windows 11 Stand-alone Benchmark v3.0.0
- CIS Google Container-Optimized OS Benchmark v1.2.0
- CIS Microsoft Windows 11 Benchmark v3.0.0 – Brazilian Portuguese language
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5
Learn More
Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.