Policy Compliance Library Updates, November 2024

Vaishali Kulkarni

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many certified by CIS, security guidelines from OS and application vendors, and other industry best practices.

Qualys’ Certification Page at CIS has been updated.   

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmarks are consensus-based technical guidelines that help organizations improve their security posture by aligning systems with recommended secure configurations. Applying these industry best practices reduces the risk of cyberattacks such as data breaches.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, a set of cybersecurity configuration guidelines published by the Defense Information Systems Agency (DISA). STIGs equip organizations with the controls needed to adhere to federal rules, regulations and best practices, facilitating compliance and strengthening their security posture.

Qualys Policies

Qualys researchers actively identify common security misconfigurations and author technical policies that harden systems against them. These Qualys-authored policies complement the CIS and DISA content where no external benchmark exists for a technology.

Safeguards Computer Security Evaluation Matrix (SCSEM)

An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

Listed below are the number of policies and mandates deployed in November 2024:

Category                          Count
CIS Benchmark Policies            2
DISA STIG Policies                34
Industry Best Practices Policies  4
New Supported Mandates            None
Deprecated Mandates               None

Listed below are the newly published policies and mandates:

CIS Benchmark Policies
  • CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0
  • CIS Benchmark for Microsoft Edge, v3.0.0

DISA STIG Policies
  • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide, V3R1
  • DISA Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA VPN, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V3R1
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Server, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R2
  • DISA Security Technical Implementation Guide (STIG) for MariaDB 10.x, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R1
  • DISA Security Technical Implementation Guide (STIG) for NetApp ONTAP DSC 9.x, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Oracle MySQL 8.0, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA VPN, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V3R2

Industry and Best Practices Policies
  • Security Configuration and Compliance Policy for Cisco APIC 6.x
  • Security Configuration and Compliance Policy for Microsoft Azure Stack HCI
  • Royal Decree 311/2022 – Annex II (HIGH) Policy for Windows
  • Royal Decree 311/2022 – Annex II (HIGH) Policy for Linux

New Supported Mandates
  • None this month

Deprecated Mandates
  • None this month

Deprecated Policies 

  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks NDM, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA VPN, V2R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router NDM, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V2R8
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V2R7

Policy Updates 

We have updated your Policy Library. The following policies have been re-released as part of our customer CRM process; where a re-release changes specific controls, the affected CIDs are listed.

Policy: Update

  • CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1: Policy re-release.
  • CIS Benchmark for Microsoft SQL Server 2019, v1.4.0: Policy re-release.
  • CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0: Policy re-release.
  • CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.1: Policy re-release.
  • CIS Benchmark for Oracle Linux 8, v3.0.0: Policy re-release to update cardinality and regular expressions for CIDs 9705, 9712, 20618, 9706, 9713, 9708, 9715, 9709, 9716, 9707, 9714 and 17275.
  • DISA Security Technical Implementation Guide (STIG) for Oracle WebLogic Server 12c, V2R1: Policy re-release.
  • CIS Benchmark for Amazon Linux 2023, v1.0.0: Policy re-release.
  • CIS Benchmark for Microsoft Exchange Server 2016, v1.0.0: Policy re-release.
  • CIS Microsoft Windows 11 Enterprise Benchmark, v3.0.0: Policy re-release.
  • CIS Benchmark for Palo Alto Firewall 11, v1.0.0: Policy re-release to update regular expressions for CIDs 13911 and 13912.
  • Security Configuration and Compliance Policy for IBM WebSphere 8.x: Policy re-release to replace CID 15820 with CID 28481.
  • DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Traditional V9.x, V1R1: Policy re-release to replace CID 15820 with CID 28481.
  • CIS Benchmark for Microsoft Windows 10 Stand-alone, v3.0.0: Policy re-release.
  • CIS Microsoft Intune for Windows 10 Benchmark, v3.0.1: Policy re-release.
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway, v3.0.0: Policy re-release to replace control CID 25712 with CID 27781.
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R3: Policy re-release.
  • CIS Benchmark for Oracle Linux 7, v4.0.0: Policy re-release to update the fixes.
  • CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0: Policy re-release to update the fixes.
  • CIS Benchmark for Microsoft Windows Server 2016, v3.0.0: Policy re-release.
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series RTR, V1R3: Policy re-release.
  • CIS Benchmark for Microsoft Windows Server 2022, v3.0.0: Policy re-release.
  • CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0: Policy re-release to change multiple CIDs and update the fixes.
  • CIS Cisco IOS XE 17.x Benchmark, v2.1.0: Policy re-release to update regular expressions for CID 4364.
  • CIS Oracle Database 19c Benchmark, v1.2.0: Policy re-release.
  • CentOS 7 and 8 Linux policies: Policy re-release to incorporate the latest changes.
  • CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1: Policy re-release to change the CID for Ubuntu 20.
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V1R2: Policy re-release.
  • CIS Benchmark for IBM DB2 13 for z/OS, v1.0.0: Policy re-release.
  • Security Configuration and Compliance Policy for Amazon Aurora RDS – MySQL Database: Policy re-release.
  • CIS Benchmark for Amazon Linux STIG 2, v2.0.0: Policy re-release.
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V1R13: Policy re-release.
  • Linux policies listed below: Policy re-release to
      • replace CID-23743 with CID-28950,
      • replace CID-13138 and CID-10663 and add CID-28817,
      • update the regular expressions for CID-26670 and CID-21452,
      • replace CID-5436 with CID-21451 and CID-29614.
    Affected policies:
      • CIS Benchmark for CentOS Linux 7, v4.0.0
      • CIS Benchmark for CentOS Linux 8, v2.0.0
      • CIS Benchmark for Oracle Linux 8, v3.0.0
      • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R1
      • CIS Benchmark for Oracle Linux 9, v1.0.0
      • CIS Benchmark for Red Hat Enterprise Linux 9, v1.0.0

Proposed Upcoming Policies

  We plan to release the following policies and updates next month: 

  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V3R2
  • CIS Microsoft Windows 10 Enterprise v3.0.0 SPANISH version
  • CIS Cisco Firepower Threat Defense Benchmark v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Cisco ISE NDM V1R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V2R9
  • CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Mailbox Server, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R9
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R9
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R1
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V3R1
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R3
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 8.0 Virtual Machine, V2R1
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 8.0, V2R1
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 7, V1R3
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 8, V2R1
  • CIS Apache Cassandra 3.11 Benchmark v1.2.0
  • CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V2R1
  • Microsoft Security Baseline for Windows 11 version 24H2
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R4
  • CIS Microsoft Windows 11 Enterprise v3.0.0 SPANISH version
  • VMware vendor policy templates for ESXi 7.x (newer version)
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series RTR, V1R4
  • CIS Apple macOS 15.0 Sequoia Benchmark v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V3R2
  • CIS Oracle Linux 9 Benchmark v2.0.0
  • VMware vendor policy templates for ESXi 8.x
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 MS, V3R7
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 MS, V3R7
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 R2 DC, V3R7
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 2012 DC, V3R7
  • DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Device Management, V2R3
  • DISA Security Technical Implementation Guide (STIG) for F5 Big-IP Local Traffic Manager, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC, V2R4

Learn More 

Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.  

Additional Information 

Feel free to contact your TAM or Qualys Technical Support if you have questions. 

Find all policy library updates here

Check out Qualys’ updated Certification Page at CIS here.
