Policy Compliance Library Updates, October 2024
Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many certified by the Center for Internet Security (CIS), security guidelines from OS and application vendors, and other industry best practices.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). STIGs give organizations the tools they need to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and author technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below are the numbers of policies and mandates deployed in October 2024:

| Category | Count |
| --- | --- |
| CIS Benchmark Policies | 2 |
| DISA STIG Policies | 24 |
| Industry Best Practices Policies | 6 |
| New Supported Mandates | 2 |
| Deprecated Mandates | 15 |
Listed below are the newly published policies and mandates:
CIS Benchmark Policies
- CIS Mozilla Firefox ESR GPO Benchmark, 1.0.0
- CIS Docker Benchmark v1.7.0

DISA STIG Policies
- DISA STIG MariaDB 10.x V2R1
- DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S, V2R1
- DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x NDM, V2R1
- DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x Router, V2R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL, V3R1
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9
- DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016, V2R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V2R9
- DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R3

Industry and Best Practices Policies
- Security Configuration and Compliance Policy for DataStax Enterprise (Cassandra) version 6.8.14
- Oracle 23c Technology
- California Consumer Privacy Act of 2018 (SB-1121) (CCPA) for operating systems, databases, and network devices
- Security Configuration and Compliance Policy for Oracle Database 23ai
- JBoss Hardening Guidelines for Application Server 7.2
- Security Configuration and Compliance Policy for ApconTap Switch

New Supported Mandates
- NIST AI 100-1, Artificial Intelligence Risk Management Framework, January 2023
- Australian Signals Directorate Information Security Manual (ISM)

Deprecated Mandates
- Cybersecurity Maturity Model Certification (CMMC) Level 1 to Level 5 – v1.02 (18 March 2020)
- The Australian Signals Directorate – The Essential 8 Strategies (ASD 8) – Jun-20
- Australian Signals Directorate – Essential Eight Maturity Model – Nov-22
- Federal Financial Institutions Examination Council (FFIEC) – Jun-15
- NIST Special Publication 800-171 – Rev. 2
- Payment Card Industry Data Security Standard (PCI-DSS) v3.2.1 – Ver. 3.2.1
- NIST Cyber Security Framework (CSF) – Ver 1.1
- Federal Risk and Authorization Management Program (FedRAMP M) – Moderate Security Baseline – Rev. 4
- Federal Risk and Authorization Management Program (FedRAMP H) – High Security Baseline – Rev. 4
- ISO/IEC 27001:2013 – Edition 2013-11
- SWIFT Customer Security Controls Framework – Customer Security Programme v2019 – Ver. 2019
- SWIFT Customer Security Controls Framework – Customer Security Programme v2021 – Ver. 2021
- SWIFT Customer Security Controls Framework – Customer Security Programme v2023 – Ver. 2023
- CIS Controls – Ver 7.1
- NIST 800-53 (Special Publication) – Rev. 4
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| --- | --- |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V1R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V1R2. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V2R1 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V2R1. |
| Security Compliance Policy IBM WebSphere Application Server Version 8.x | Policy re-release for Security Compliance Policy IBM WebSphere Application Server Version 8.x to replace CID 15820 with CID 28481. |
| CIS Benchmark for Microsoft Windows Server 2022 v3.0.0 policy | Policy re-release for CIS Benchmark for Microsoft Windows Server 2022 v3.0.0 policy to update the regular expressions. |
| CIS Benchmark for Microsoft Windows Server 2016, v3.0.0 policy | Policy re-release for CIS Benchmark for Microsoft Windows Server 2016, v3.0.0 policy. |
| DISA Ubuntu 20.04 LTS V1R11 | Policy re-release for DISA Ubuntu 20.04 LTS V1R11 to update the regular expression of CID 9349. |
| CIS Apple macOS 13 v2.0.0 | Policy re-release for CIS Apple macOS 13 v2.0.0. |
| CIS RHEL 9 v1.0.0 | Policy re-release for CIS RHEL 9 v1.0.0 to add CID 28571 and CID 28572. |
| CIS RHEL 8 v3.0.0 | Policy re-release for CIS RHEL 8 v3.0.0 to replace CID 25490 and CID 25478 with CID 28818 and CID 28819. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft DotNet Framework 4.0, V2R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft DotNet Framework 4.0, V2R2 to update the cover page. |
| CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1 | Re-release of CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1. |
| CIS Benchmark for Microsoft Windows Server 2019, v3.0.0 | Re-release of CIS Benchmark for Microsoft Windows Server 2019, v3.0.0 policy to update the regular expressions of CID 5209. |
| CIS Oracle Database 19c Benchmark v1.2.0 | Re-release of CIS Oracle Database 19c Benchmark v1.2.0 to remove CID 12520. |
| CIS Benchmark for Amazon Linux STIG 2 | Re-release of CIS Benchmark for Amazon Linux STIG 2. |
| CIS Benchmark for Cisco IOS 15, V4.1.1 | Re-release of CIS Benchmark for Cisco IOS 15, V4.1.1 to update the regular expressions for CID 4363 and CID 4394. |
| CIS Ubuntu 20.04 LTS, v2.0.1 | Re-release of CIS Ubuntu 20.04 LTS, v2.0.1. |
| CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 | Re-release of CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 to update the regular expressions of CID 4363. |
| DISA Solaris 11 SPARC STIG – Ver 2, Rel 9 | Re-release of DISA Solaris 11 SPARC STIG – Ver 2, Rel 9. |
| CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0 | Re-release of CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0. |
| CIS Benchmark for Cisco IOS XE 17.x, v2.1.0 | Re-release of CIS Benchmark for Cisco IOS XE 17.x, v2.1.0 to update the regular expressions of CID 4363. |
| CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0 | Re-release of CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0. |
| CIS Benchmark for Microsoft Exchange Server 2016, v1.0.0 | Re-release of CIS Benchmark for Microsoft Exchange Server 2016, v1.0.0. |
| CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release of CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 to add CID 7408 and change the cardinality of CID 10505. |
| CIS Rocky Linux 8 Benchmark v2.0.0 | Re-release of CIS Rocky Linux 8 Benchmark v2.0.0 to change the regular expressions of CID 17127. |
| Security Configuration and Compliance Policy for macOS 15.x | Re-release of Security Configuration and Compliance Policy for macOS 15.x. |
| DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R1 and Microsoft Windows Server 2019 DC, V3R1 | Re-release of DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R1 and Microsoft Windows Server 2019 DC, V3R1. |
| CIS Benchmark for Amazon Linux 2, v3.0.0 | Re-release of CIS Benchmark for Amazon Linux 2, v3.0.0. |
| CIS Benchmark for Microsoft Windows 10 Stand-alone, v3.0.0 | Re-release of CIS Benchmark for Microsoft Windows 10 Stand-alone, v3.0.0 to replace CID 25712 with CID 27781. |
| DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9 | Re-release of DISA Security Technical Implementation Guide (STIG) for Windows 10, V2R9 to replace CID 25712 with CID 27781. |
| CIS Microsoft Intune for Windows 10 Benchmark, v3.0.1 | Re-release of CIS Microsoft Intune for Windows 10 Benchmark, v3.0.1 to replace CID 25712 with CID 27781. |
| CIS Benchmark for Microsoft Windows 10 EMS Gateway, v3.0.0 | Re-release of CIS Benchmark for Microsoft Windows 10 EMS Gateway, v3.0.0 to replace CID 25712 with CID 27781. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- DISA Security Technical Implementation Guide (STIG) for Cisco ISE NDM V1R6
- CIS Palo Alto Firewall 11 Benchmark v1.1.0
- CIS Palo Alto Firewall 10 Benchmark v1.2.0
- CIS Oracle Linux 9 Benchmark v2.0.0
- CIS Apple macOS 14.0 Sonoma Benchmark 1.1.0
- CIS Apple macOS 13.0 Ventura Benchmark 2.1.0
- CIS Microsoft Edge Benchmark, 3.0.0
- DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide, V3R1
- DISA Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG – V2R4
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V3R1
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V3R1
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS, V1R12
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA Firewall, V2R1
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V2R1
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA VPN, V2R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Device Management, V2R3
- DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Local Traffic Manager, V2R3
- DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R8
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R1
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R1
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V3R1
- DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V3R1
- Qualys Security Configuration & Compliance Policy for Citrix NetScaler
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R15
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V2R1
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R15
- Royal Decree 311/2022 – Annex II (HIGH) for Windows
- Royal Decree 311/2022 – Annex II (HIGH) for Linux
- DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R7
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R1
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 7.0, V1R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R7
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 7, V1R2
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R2
- DISA Security Technical Implementation Guide (STIG) for Google Chrome, V2R9
- DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V6R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V1R7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R3
- Microsoft Security Baseline for Windows 11 version 24H2
- DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R4
- Security Configuration and Compliance Policy for Cisco APIC 6.x
Learn More
Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.