Policy Compliance Library Updates, September 2024 

Vaishali Kulkarni

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

Qualys’ Certification Page at CIS has been updated.  

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, a set of cybersecurity configuration guidelines published by the Defense Information Systems Agency (DISA). These guides equip organizations with the tools they need to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering their cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

Listed below are the numbers of policies and mandates deployed in September 2024:

CIS Benchmark Policies: 3
DISA STIG Policies: 10
Industry Best Practices Policies: 12
New Supported Mandates: 4

Listed below are the newly published policies and mandates:  

CIS Benchmark Policies
• CIS Benchmark for Microsoft Windows Server 2019 Stand-alone, v2.0.0
• CIS Benchmark for Microsoft Office Enterprise, v1.2.0
• CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0 policy

DISA STIG Policies
• DISA Security Technical Implementation Guide (STIG) for Fortigate Firewall, V1R3
• DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V3R1
• DISA Security Technical Implementation Guide (STIG) for Ivanti Connect Secure NDM, V2R1
• DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V3R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V2R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS, V2R1
• DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8
• DISA Security Technical Implementation Guide (STIG) for IIS 8.5 Server, V2R5

Industry and Best Practices Policies
• NIST 800-171 Rev 2 for MacOS
• Security Configuration and Compliance Policy for Windows Server Certification Authority
• NIST 800-171 Rev 2 for Database
• NIST 800-171 Rev 2 for Network
• NIST 800-171 Rev 2 for VMware
• Criminal Justice Information Services (CJIS) Security Policy for Network
• Criminal Justice Information Services (CJIS) Security Policy for Windows
• NERC CIPv5 for Linux Policy
• NERC CIPv5 for Database
• NERC CIPv5 for Network
• Criminal Justice Information Services (CJIS) Security Policy for Linux
• Criminal Justice Information Services (CJIS) Security Policy for Database

New Supported Mandates
• Royal Decree 311/2022
• Royal Decree 311/2022 – Annex II (MEDIUM)
• Royal Decree 311/2022 – Annex II (HIGH)
• Royal Decree 311/2022 – Annex II (BASIC)

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Policy: DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8
Update: Policy re-release for DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V2R8.

Policy: CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0
Update: Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0 to update the regular expression for CID 17154 and to add CID 28571 and CID 28572.

Policy: CIS Apple macOS 14 policy
Update: Policy re-release for CIS Apple macOS 14 policy to replace CID 8888 and CID 8887 with CID 27002 and CID 26968. Policy re-release for CIS macOS 14 Sonoma, v1.0.0 to replace CID 22737 with CID 27039 and, for CID 22737, to change the cardinality to matches.

Policy: DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6
Update: Policy re-release for DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V2R6.

Policy: Security Compliance Policy IBM Websphere Application Server version 8.x
Update: Policy re-release for Security Compliance Policy IBM Websphere Application Server version 8.x to replace CID 15820 with CID 28481.

Policy: CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1
Update: Policy re-release for CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1.

Policy: CIS SUSE Linux Enterprise 15, v1.1.1
Update: Policy re-release for CIS SUSE Linux Enterprise 15, v1.1.1 to update the cardinality and regular expression for CID 7356.

Policy: CIS Fortigate 7.0.x Benchmark v1.3.0 policy
Update: Policy re-release for CIS Fortigate 7.0.x Benchmark v1.3.0 policy to update the regular expression of CID 23978.

Policy: CIS Benchmark for Microsoft Windows Server 2022 v3.0.0 policy
Update: Policy re-release for CIS Benchmark for Microsoft Windows Server 2022 v3.0.0 policy to update the regular expression of control 2196.

Policy: CIS Benchmark for Microsoft Windows Server 2019, v3.0.0 policy
Update: Policy re-release for CIS Benchmark for Microsoft Windows Server 2019, v3.0.0 policy to update the regular expression of control 5209.

Policy: CIS Benchmark for Microsoft Windows Server 2016, v3.0.0
Update: Policy re-release for CIS Benchmark for Microsoft Windows Server 2016, v3.0.0.

Policy: CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0
Update: Policy re-release for CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0.

Policy: DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R7
Update: Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R7.

Policy: DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R7
Update: Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R7.

Policy: DISA Security Technical Implementation Guide (STIG) for Fortigate Firewall NDM, V1R4
Update: Policy re-release for DISA Security Technical Implementation Guide (STIG) for Fortigate Firewall NDM, V1R4.

Policy: Qualys Security Configuration and Compliance Policy for PowerShell
Update: Policy re-release for Qualys Security Configuration and Compliance Policy for PowerShell.

Policy: CIS RHEL 8 v3.0.0
Update: Policy re-release for CIS RHEL 8 v3.0.0 to replace CID 4731 with CID 4729 and CID 4731, and to replace CID 25490 and CID 25478 with CID 28818 and CID 28819.

Policy: CIS Benchmark for Oracle Solaris 11.4, v1.0.0
Update: Policy re-release for CIS Benchmark for Oracle Solaris 11.4, v1.0.0 to update regular expressions for CID 5385.

Policy: DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R11
Update: Policy re-release for DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R11 to change the regular expressions for CID 15947, 15949, 19638, and 1766.

Policy: CIS Benchmark for Sybase ASE 15.0, v1.1.0
Update: Policy re-release for CIS Benchmark for Sybase ASE 15.0, v1.1.0.

Proposed Upcoming Policies

We plan to release the following policies and updates next month:

• DISA STIG VMware vCenter 6.7
• Security Configuration and Compliance Policy for DataStax Enterprise (Cassandra) version 6.8.14
• Policy Support for Oracle 23c Technology
• Security Configuration and Compliance Policy for Ivanti Connect Secure 22.x
• CIS Ubuntu Linux 22.04 LTS Benchmark v2.0.0
• CIS Ubuntu Linux 18.04 LTS Benchmark v2.2.0
• DISA STIG MariaDB 10.x V1R3
• DISA Security Technical Implementation Guide (STIG) for Cisco ISE NDM V1R6
• CIS Google Container-Optimized OS Benchmark v1.2.0
• DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V2R9
• CIS Microsoft Edge Benchmark, 3.0.0
• CIS Mozilla Firefox ESR GPO Benchmark, 1.0.0
• CIS Docker Benchmark v1.7.0
• DISA Security Technical Implementation Guide (STIG) for Apple macOS 12 (Monterey), V1R8
• DISA Security Technical Implementation Guide (STIG) for Apple macOS 13 (Ventura), V1R4
• DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S, V2R1
• DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x NDM, V2R1
• DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x Router, V2R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V3R1
• DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL, V3R1
• DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Device Management, V2R3
• DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Local Traffic Manager, V2R3
• DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V3R1
• DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9
• DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V3R1
• DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V2R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016, V2R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R6
• DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R1
• DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R1
• DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V3R1
• DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V3R1
• DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R3
• DISA Security Technical Implementation Guide (STIG) for VMware vSphere 8.0 Virtual Machine, V2R1
• DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 8.0, V2R1
• DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 7, V1R3
• DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 8, V2R1
• DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R1
• California Consumer Privacy Act of 2018 (SB-1121) (CCPA) for Windows
• California Consumer Privacy Act of 2018 (SB-1121) (CCPA) for Linux
• California Consumer Privacy Act of 2018 (SB-1121) (CCPA) for Database
• California Consumer Privacy Act of 2018 (SB-1121) for Network
• DISA Security Technical Implementation Guide (STIG) for Windows Server 2019, V3R1

Learn More 

Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.  

Additional Information 

Feel free to contact your TAM or Qualys Technical Support if you have questions. 

Find all policy library updates here.

Check out Qualys’ updated Certification Page at CIS here.
