Policy Compliance Library Updates, December 2024
Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most widely used and adhered to. Qualys provides a wide range of policies, including many certified by CIS, policies derived from the security guidelines published by OS and application vendors, and policies based on other industry best practices.
Qualys’ Certification Page at CIS has been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmarks are consensus-developed technical guidelines that help organizations improve their security posture by aligning systems with recommended secure configurations. Hardening to these baselines shrinks the attack surface and reduces the risk of incidents such as data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, a set of configuration standards published by the Defense Information Systems Agency (DISA). STIGs give DoD components and other organizations concrete, checkable requirements for hardening systems in line with federal laws, regulations, and best practices, facilitating compliance and strengthening security.
Qualys Policies
Qualys policies are authored by Qualys researchers, who track common misconfigurations in operating systems, applications, and devices and turn them into technical controls that harden systems against likely attacks. Qualys maintains these policies over time, adding controls and fixing defects as the underlying technologies change.
Safeguard Computer Security Evaluation Matrix (SCSEM)
The Safeguard Computer Security Evaluation Matrix (SCSEM) is the audit checklist published by the IRS Office of Safeguards for systems that handle federal tax information. An SCSEM comprises a structured set of criteria, test procedures, and metrics for measuring aspects of security such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory and industry frameworks for safeguarding sensitive data and ensuring its privacy and security. They set out requirements and best practices that organizations follow to achieve compliance and mitigate risk when handling sensitive information.
New Policies/Mandates
Listed below are the numbers of policies and mandates deployed in December 2024:

| Category | Count |
| --- | --- |
| CIS Benchmark Policies | 8 |
| DISA STIG Policies | 22 |
| Industry Best Practices Policies | 6 |
| New Supported Mandates | none |
| Deprecated Mandates | none |
Listed below are the newly published policies and mandates:

CIS Benchmark Policies
- CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0 [Automated and Manual, All Profiles] – Spanish
- CIS Benchmark for Apple macOS 13 Ventura v3.0.0
- CIS Benchmark for Apple macOS 15 Sequoia v1.0.0
- CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0 [Automated and Manual, All Profiles] – Spanish
- CIS Benchmark for Apache Tomcat 9 for Windows, v1.2.0
- CIS Oracle Linux 9 Benchmark v2.0.0
- CIS Red Hat Enterprise Linux 9 Benchmark v2.0.0
- CIS Ubuntu Linux 24.04 LTS Benchmark v1.0.0

DISA STIG Policies
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 20.04 LTS STIG V2R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Mailbox Server, V2R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V3R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R2
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R3
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere vCenter Server 7, V1R3
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V2R1
- DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R4
- DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series RTR, V1R4
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V3R2
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V3R2
- DISA Security Technical Implementation Guide (STIG) for DataPower NDM, V1R2
- DISA Security Technical Implementation Guide (STIG) for DataPower ALG, V1R1
- DISA Security Technical Implementation Guide (STIG) for F5 BIG-IP Device Management, V2R3
- DISA Security Technical Implementation Guide (STIG) for F5 BIG-IP Local Traffic Manager, V2R3
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R1
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V3R1
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R1
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R2

Industry and Best Practices Policies
- Security Configuration and Compliance Policy for IBM Informix Database
- Security Configuration and Compliance Policy for Opengear 5.x
- Security Configuration and Compliance Policy for DataStax Enterprise 5.x
- VMware vSphere Security Configuration Guide (SCG) for ESXi 8.x
- Microsoft Security Baseline for Windows 11 Version 24H2
- Security Configuration and Compliance Policy for Windows Server 2025

New Supported Mandates
- None this month

Deprecated Mandates
- None this month
Deprecated Policies
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Mailbox Server, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V2R8
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V3R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R2
- DISA Security Technical Implementation Guide (STIG) for VMware vSphere 7.0 Virtual Machine, V1R2
- DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 7, V1R2
- DISA Security Technical Implementation Guide (STIG) for Arista MLS DCS-7000 Series NDM, V1R3
- CIS Benchmark for Apple macOS 13 Ventura v2.0.0
- Security Configuration and Compliance Policy for MacOS 15.x
- DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R4
- DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R3
- DISA Security Technical Implementation Guide (STIG) for Active Directory Forest, V2R8
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V3R1
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V2R3
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V2R1
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R8
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V2R5
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch NDM, V3R1
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released, in a number of cases in response to customer-reported (CRM) issues.
| Policy | Update |
| --- | --- |
| DISA Security Technical Implementation Guide (STIG) for Solaris 10 SPARC, V2R4 | Re-release to update the policy. |
| DISA Security Technical Implementation Guide (STIG) for Active Directory Domain, V3R5 | Re-release to update the policy. |
| DISA Security Technical Implementation Guide (STIG) for Active Directory Forest, V3R1 | Re-release to update the policy. |
| CIS Benchmark for Amazon Linux 2023, v1.0.0 | Re-release to update the regular expression for CID 25465. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Re-release to update the policy. |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14 | Re-release to update the policy. |
| CIS PostgreSQL 15.x, v1.1.0 | Re-release to add CID 14175. |
| MSSQL technologies | Re-released as separate per-level policies for MSSQL technologies. |
| CIS Oracle Linux 7 v4.0.0 | Re-release to update the regular expression for CID 25465. |
| CIS CentOS 7 v4.0.0 | Re-release to update the regular expressions. |
| CIS OEL 8 v3.0.0 | Re-release to update the regular expressions. |
| CIS Benchmark for Alma Linux 8 v3.0.0 | Re-release to update the policy. |
| CIS Benchmark for Alma Linux 9, v1.0.0 | Re-release to update the policy. |
| CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release to update the policy. |
| CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0 | Re-release to update the regular expressions for CID 4990 and CID 10693. |
| CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.1 | Re-release to update the regular expressions for CID 4990 and CID 10693. |
| CIS Microsoft Windows Server 2016, 2019, 2022 Benchmark, v3.0.0 | Re-released with separate L1 and L2 profiles. |
| CIS CentOS Linux 7 v4.0.0 | Re-release to replace CID 2741 with CID 28408 and CID 28409. |
| Apache Tomcat 9, v1.2.0 | Re-release to update the policy. |
| DISA Security Technical Implementation Guide (STIG) for Solaris 10 X86, V2R4 | Re-release to update the policy. |
| CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release to update the policy. |
| CIS Benchmark for Ubuntu Linux 22.04 LTS, v1.0.0 | Re-release to update the regular expressions. |
| Microsoft Security Baseline for Windows 11 Version 24H2 | Re-release to update the policy. |
| NIST 800-53 Rev 4 for Database | Re-release to update the policy. |
| NIST 800-53 Rev 5 for Database | Re-release to update the policy. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS Palo Alto Firewall 11 Benchmark v1.1.0
- CIS Palo Alto Firewall 10 Benchmark v1.2.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R9
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R9
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R15
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 22.04 LTS Ver 2, Rel 1
- CIS Debian Linux 12 Benchmark v1.1.0
- Safeguards Oracle 12c, 18c and 19c RDBMS Audit File
- Safeguards SQL Server 2016, 2017, 2019, 2022 Audit File
- Safeguards Windows 10, Windows 11, 2012 Audit File
- Safeguards Windows Server 2016, 2019, 2022 Audit File
- Safeguards Windows 2012 R2 Audit File
- Security Configuration & Compliance Policy for AudioCodes Session Border Controller 7.x
- Security Configuration & Compliance Policy for Apache Tomcat 11.x
Learn More
Discover how the Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities.
Additional Information
Feel free to contact your TAM or Qualys Technical Support if you have questions.
Find all policy library updates here.
Check out Qualys’ updated Certification Page at CIS here.