Policy Compliance Library Updates, August 2024
Qualys’ library of built-in policies makes it easy to comply with the most widely used and adhered-to security standards and regulations. Qualys provides a wide range of policies, including many certified by CIS, security guidelines from OS and application vendors, and other industry best practices.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks are technical guidelines that help organizations improve their cybersecurity posture by aligning with recommended secure configurations. Following them reduces the risk of cyberattacks, such as data breaches, by leveraging industry best practices.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). STIGs equip organizations with the tools needed to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Qualys researchers actively identify cybersecurity misconfigurations and author technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below are the number of policies and mandates deployed in August 2024:

| Category | Count |
| --- | --- |
| CIS Benchmark Policies | 5 |
| DISA STIG Policies | 9 |
| Industry Best Practices Policies | 5 |
| New Supported Mandates | 1 |
Listed below are the newly published policies and mandates:

CIS Benchmark Policies
- CIS Benchmark for MongoDB 7, v1.0.0
- CIS Benchmark for PostgreSQL 16, v1.0.0
- CIS Benchmark for Microsoft Windows 10 EMS Gateway, v3.0.0
- CIS Benchmark for Microsoft Windows 11 Stand-alone, v3.0.0
- CIS Benchmark for MS Windows 11 Enterprise, v3.0.0 policy for the Brazilian Portuguese language

DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V2R3
- DISA Security Technical Implementation Guide (STIG) for Splunk Enterprise 8.x for Linux, V1R5
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V1R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R9
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8
- DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V3R1

Industry and Best Practices Policies
- Security Configuration and Compliance Policy for Virtuozzo Linux 9
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Database
- PCI-DSS (Payment Card Industry Data Security Standard) Ver 4.0 Policy for Network
- NIST 800-171 Rev 2 for Linux
- NIST 800-171 Rev 2 for Microsoft Windows

New Supported Mandates
- Australian Signals Directorate Information Security Manual (ISM)
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| --- | --- |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R5. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R5. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R5. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R5. |
| DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R14 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V2R14. |
| CIS Benchmark for Oracle Linux 8, v3.0.0 | Policy re-release for CIS Benchmark for Oracle Linux 8, v3.0.0 to fix the regular expression for CID 12757 in RHEL 7 and CID 9707 in OEL 8. |
| CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 | Policy re-release for CIS Red Hat Enterprise Linux 7 Benchmark v4.0.0 to fix the regular expression for CID 12757 in RHEL 7 and CID 9707 in OEL 8. |
| CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 | Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 to fix the regular expression for CID 17523 in the CIS RHEL 8 v1.0.0 STIG policy. |
| CIS RHEL 9 v1.0.0 | Policy re-release to add the missing CID for requirement 5.5.2 in CIS RHEL 9, v1.0.0 Level 1. |
| CIS Benchmark for Oracle Solaris 11.4, v1.1.0 | Policy re-release to fix the regular expressions for CID 1141 in CIS Benchmark for Oracle Solaris 11.4, v1.1.0. |
| CIS Benchmark for IBM DB2 13 for z/OS, v1.0.0 | Policy re-release for CIS Benchmark for IBM DB2 13 for z/OS, v1.0.0. |
| CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1 | Policy re-release for CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1 to change the GR for CID 24925 and to fix the regular expressions for CIDs 9705 and 9710. |
| CIS Benchmark for Microsoft Windows Server 2016, v3.0.0 | Policy re-release for CIS Benchmark for Microsoft Windows Server 2016, v3.0.0 to update the regular expressions of controls 5209 and 2200. |
| Microsoft Security Baseline for Windows 11 version 22H2 | Policy re-release for Microsoft Security Baseline for Windows 11 version 22H2 to update control 9587, as the NL value changed for Windows 11 technology. |
| Safeguard Computer Security Evaluation Matrix for Microsoft Windows 11, v2.0 | Policy re-release for Safeguard Computer Security Evaluation Matrix for Microsoft Windows 11, v2.0 to update control 9587, as the NL value changed for Windows 11 technology. |
| Microsoft Security Baseline for Windows 11 version 23H2 | Policy re-release for Microsoft Security Baseline for Windows 11 version 22H2 to update control 9587, as the NL value changed for Windows 11 technology. |
| CIS Ubuntu Linux 18.04 LTS Benchmark v2.1.0 | Policy re-release for CIS Ubuntu Linux 18.04 LTS Benchmark v2.1.0 to fix the reference number 1.7.1.1 for CID 8123. |
| CIS SUSE Linux Enterprise 15, v1.1.1 | Policy re-release for CIS SUSE Linux Enterprise 15, v1.1.1 to fix CID 16278 and CID 16279. |
| CIS Benchmark for Amazon Linux 2023, v1.0.0 | Policy re-release for CIS Benchmark for Amazon Linux 2023, v1.0.0 to replace CID 9632 with CID 25465. |
| CIS Benchmark for Amazon Linux 2 v3.0.0 | Policy re-release for CIS Benchmark for Amazon Linux 2 v3.0.0 to fix the regular expressions for CIDs 9708, 9709, 9711, and 17275. |
| CIS Benchmark for Microsoft Windows Server 2022 STIG, v1.0.0 policy | Policy re-release for CIS Benchmark for Microsoft Windows Server 2022 STIG, v1.0.0 policy to update the regular expressions of controls 8249 and 5209. |
| CIS Benchmark for Oracle Solaris 11.4, v1.1.0 | Policy re-release for CIS Benchmark for Oracle Solaris 11.4, v1.1.0 to fix the regular expression for CID 1141. |
| CIS Benchmark for Oracle Linux 8, v3.0.0, and Red Hat Enterprise Linux 7, v4.0.0 | Policy re-release for CIS Benchmark for Oracle Linux 8, v3.0.0, and Red Hat Enterprise Linux 7, v4.0.0 to fix the regular expression for CIDs 12757 and 9707 in RHEL 7 and CID 12757 in OEL 8. |
| CIS IBM AIX 7.2 Benchmark, v1.1.0 | Policy re-release for CIS IBM AIX 7.2 Benchmark, v1.1.0 to update the regular expressions of controls 4071 and 15975. |
| Security Configuration and Compliance Policy for IBM HTTP Server 9 | Policy re-release for Security Configuration and Compliance Policy for IBM HTTP Server 9 to fix the regular expressions of CID 13735, CID 7715, and CID 7716. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 to fix the regular expressions of CIDs. |
| CIS Benchmark for F5 Networks, v1.0.0 | Policy re-release for CIS Benchmark for F5 Networks, v1.0.0 to change the regular expression in F5 Networks. |
| CIS Benchmark for PostgreSQL 16, v1.0.0 | Policy re-release for CIS Benchmark for PostgreSQL 16, v1.0.0. |
| Security Configuration and Compliance Policy for Red Hat JBoss Enterprise Application Platform (EAP) 7.x | Policy re-release for Security Configuration and Compliance Policy for Red Hat JBoss Enterprise Application Platform (EAP) 7.x v.3.0 to fix the regular expressions of CID 13681. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- DISA Fortinet FortiGate Firewall STIG – Ver 1, Rel 3
- Security Configuration and Compliance Policy for DataStax Enterprise (Cassandra) version 6.8.14
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R7
- NIST 800-171 Rev 2 Policy for macOS
- CIS Microsoft Windows Server 2019 Stand-alone v2.0.0
- Security Configuration and Compliance Policy for Windows Server Certification Authority 2019
- Criminal Justice Information Services (CJIS) Security Policy for Network
- Criminal Justice Information Services (CJIS) Security Policy for Windows
- CIS Microsoft Office Enterprise Benchmark, 1.2.0
- DISA Security Technical Implementation Guide (STIG) for Ivanti Connect Secure NDM, V2R1
- NERC CIPv5 for Linux
- NERC CIPv5 for Database
- NERC CIPv5 for Network
- NIST 800-171 Rev 2 for Database
- NIST 800-171 Rev 2 for Network
- NIST 800-171 Rev 2 for VMware
- California Consumer Privacy Act of 2018 (SB-1121) for Network
- Criminal Justice Information Services (CJIS) Security Policy for Linux
- Criminal Justice Information Services (CJIS) Security Policy for Database
- CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0
Learn More
Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.