Policy Compliance Library Updates, July 2024 

Vaishali Kulkarni

Last updated on: August 7, 2024

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. The library covers a wide range of policies, many of them certified by CIS, together with security guidelines from OS and application vendors and other industry best practices. Qualys’ Certification Page at CIS has been updated.

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmarks are consensus-developed technical configuration guidelines. Policies built on them help organizations improve their cybersecurity posture by aligning systems with the recommended secure configurations, which reduces the risk of attacks such as data breaches by leveraging industry best practices.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, a set of cybersecurity configuration guidelines published by the Defense Information Systems Agency (DISA). STIG policies give organizations the configuration requirements they need to adhere to rules, regulations, best practices and federal laws, facilitating compliance and hardening systems.

Qualys Policies

Qualys researchers identify common cybersecurity misconfigurations and author technical policies (the Security Configuration and Compliance Policies listed in these updates) that harden systems and safeguard them against the resulting threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

A Safeguard Computer Security Evaluation Matrix (SCSEM), published by the IRS Office of Safeguards, comprises a structured set of criteria, guidelines and metrics for measuring aspects of security such as confidentiality, integrity, availability and compliance.

Compliance Standards

Compliance standards are regulatory frameworks that safeguard sensitive data and ensure privacy and security. They give organizations guidelines and best practices for achieving compliance and mitigating the risks of handling sensitive information.

New Policies/Mandates 

The number of policies and mandates deployed in July 2024 is listed below:

• CIS Benchmark Policies: 5
• DISA STIG Policies: 5
• Industry Best Practices Policies: 1
• New Supported Mandates: 2

Listed below are the newly published policies and mandates:

CIS Benchmark Policies
• CIS Benchmark for ISC BIND DNS Server 9.11, v1.0.0
• CIS Benchmark for Cisco NX-OS 4.x, 5.x, 6.x & 7.x, V1.1.0
• CIS Benchmark for Cisco NX-OS 8.x, V1.1.0
• CIS Benchmark for Cisco NX-OS 9.x, V1.1.0
• CIS Benchmark for Cisco NX-OS 10.x, V1.1.0

DISA STIG Policies
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V2R6
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V2R5
• DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R8
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R5
• DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R8

Industry and Best Practices Policies
• Security Configuration and Compliance Policy for Azure Database for PostgreSQL

New Supported Mandates
• Microsoft Cloud Security Benchmark v1
• CIS Controls Version 8.1

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of customer-requested maintenance.

Policy and update
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V1R4: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS, V1R4: policy re-release.
• CIS Benchmark for Docker, v1.6.0: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R4: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for F5 Big-IP 11.x AFM, V1R1: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for F5 Big-IP 11.x Device Management, V2R1: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for F5 Big-IP 11.x Local Traffic Manager, V2R1: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R2: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2016, V1R1: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016, V1R2: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft PowerPoint 2016, V1R1: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Access 2016, V1R1: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R8: policy re-release.
• CIS Mozilla Firefox 102 ESR Benchmark v1.0.0: policy re-release.
• CIS Cisco IOS XR 7.x: policy re-release.
• CIS MacOS 14.0 Policy: policy re-release to fix the regular expressions for CIDs 25011, 25012, 25013, 25363 and 24996.
• CIS Benchmark for Apple macOS 14 Sonoma, v1.0.0: policy re-release to remove CID 26967.
• CIS RHEL 8 V3.0.0: policy re-release to fix CIDs 18164, 3558, 15949 and 17275.
• CIS Benchmark for Microsoft SQL Server 2019, v1.4.0: policy re-release.
• CIS Benchmark for Amazon Linux 2023, v1.0.0: policy re-release to fix the regular expression for CID 9711.
• CIS Windows Server 2022 Benchmark v3.0.0: policy re-release.
• DISA F5 BIGIP 17: policy re-release.
• Security Configuration and Compliance Policy for IBM WebSphere 8.x and JBoss (EAP) 7.x: policy re-release to add a missing control.
• CIS RHEL 9 v1.0.0: policy re-release to fix the regular expression for CID 13376.
• OEL 8 v3.0.0: policy re-release to fix the regular expression for CID 17157.
• CIS Apple macOS 13 Ventura v2.0.0: policy re-release to fix the regular expressions for multiple CIDs.
• CIS Ubuntu Linux 20.04, v2.0.1: policy re-release to change the regular expressions for several CIDs.
• CIS Benchmark for Bottlerocket, v1.0.0: policy re-release to change the regular expressions in CID 27455.
• CIS Benchmark for Cisco NX-OS, V1.1.0: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R8: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R8: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 7, V1R2: policy re-release.
• DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13: policy re-release.

Proposed Upcoming Policies

We plan to release the following policies and updates next month:

• Security Configuration and Compliance Policy for Virtuozzo Linux 9
• DISA Cisco NX-OS Switch RTR STIG V2R3
• CIS MongoDB 7 Benchmark v1.0.0
• CIS PostgreSQL 16 Benchmark v1.0.0
• PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Database
• PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Network
• NERC-CIP for Linux
• Security and configuration policy for password best practices for Linux
• DISA STIG for Splunk Enterprise 8.x for Linux, Ver 1, Rel 5
• CIS Microsoft Windows 10 EMS Gateway Benchmark v3.0.0
• CIS Microsoft Windows 11 Stand-alone Benchmark v3.0.0
• CIS Google Container-Optimized OS Benchmark v1.2.0
• CIS Microsoft Windows 11 Benchmark v3.0.0 (Brazilian Portuguese language)
• DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R6
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R9
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R9
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5

Learn More 

Discover how the Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.

Additional Information 

Feel free to contact your TAM or Qualys Technical Support if you have questions. 

Find all policy library updates here

Check out Qualys’ updated Certification Page at CIS here.
