Policy Compliance Library Updates, January 2025 

Vaishali Kulkarni

Qualys’ library of built-in policies makes it easy to comply with the most widely used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

Qualys’ Certification Page at CIS has been updated.  

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guides equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

Listed below is the number of policies and mandates deployed in January 2025:

CIS Benchmark Policies: 4
DISA STIG Policy: 4
Industry Best Practices Policy: 18
New Supported Mandates 
Deprecated Mandates 

Listed below are the newly published policies and mandates:  

CIS Benchmark Policies
• CIS Benchmark for Debian Linux 12, v1.1.0
• CIS Benchmark for Palo Alto Firewall 11, v1.1.0
• CIS Benchmark for Palo Alto Firewall 10, v1.2.0
• CIS Apache HTTP Server 2.4 Benchmark v2.2.0
DISA STIG Policies
• DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R15
• DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R1
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R9
• DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R9
Industry and Best Practices Policies
• Safeguard Computer Security Evaluation Matrix for Oracle 12c on Linux host, v4.4
• Safeguard Computer Security Evaluation Matrix for Oracle 12c on Windows host, v4.4
• Safeguard Computer Security Evaluation Matrix for Oracle 18c on Linux host, v4.4
• Safeguard Computer Security Evaluation Matrix for Oracle 18c on Windows host, v4.4
• Safeguard Computer Security Evaluation Matrix for Oracle 19c on Linux host, v4.4
• Safeguard Computer Security Evaluation Matrix for Oracle 19c on Windows host, v4.4
• Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2016, v6.0
• Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2017, v6.0
• Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2019, v6.0
• Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2022, v6.0
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows 11, v3.0
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2016, v3.0
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v2.0
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2022, v2.0
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows 10, v6.0  
• Security Configuration and Compliance Policy for AudioCodes Session Border Controller 7.x
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012, v3.6
• Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012 R2, v3.6
New Supported Mandates 
Deprecated mandates 

Deprecated Policies 

  • CIS Apple macOS 11.0 Big Sur Benchmark, v3.0.0
  • CIS Benchmark for Apache Tomcat 10, v1.0.0
  • CIS Benchmark for Azure Kubernetes Service (AKS), v1.3.0
  • CIS Benchmark for Azure Kubernetes Service (AKS), v1.4.0
  • CIS Benchmark for Cisco Firewall ASA 9.x, v1.0.0
  • CIS Benchmark for Docker, v1.6.0
  • CIS Benchmark for Fortigate 7.0.x, v1.2.0
  • CIS Benchmark for Google Kubernetes Engine (GKE), v1.4.0
  • CIS Benchmark for Microsoft Edge, v2.0.0
  • CIS Benchmark for Microsoft Office Enterprise, v1.1.0
  • CIS Benchmark for Microsoft Windows 10 EMS Gateway, v2.0.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise, v1.12.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise, German, v1.12.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise, v2.0.0
  • CIS Benchmark for Microsoft Windows 10 Stand-alone, v2.0.0
  • CIS Benchmark for Microsoft Windows 11 Stand-alone, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2016, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2019 Stand-alone, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2019, v2.0.0
  • CIS Benchmark for Microsoft Windows Server 2022, v2.0.0
  • CIS Benchmark for PostgreSQL 14, v1.0.0
  • CIS Benchmark for VMware ESXi 6.7, v1.3.0
  • CIS Benchmark for VMware ESXi 7.0, V1.3.0
  • CIS Benchmark for VMware ESXi 8.0, V1.0.0
  • CIS IBM AIX 7.2 Benchmark, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 DC, V2R7
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2016 MS, V2R7
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 18.04 LTS, V2R13
  • CIS Benchmark for Apache HTTP Server 2.4, v2.1.0 
  • CIS Benchmark for Apache HTTP Server 2.4, v2.0.0 
  • CIS Benchmark for Debian Linux 12, v1.0.1
  • Safeguard Computer Security Evaluation Matrix for Oracle 18c on Windows Host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 18c on Linux host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 19c on Windows Host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 19c on Linux host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 12c on Linux host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Oracle 12c on Windows Host, v4.3
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2019, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2016, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2022, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft SQL Server 2017, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2022, v1.1
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2019, v1.5
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2016, v2.4
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows 11, v2.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows 10, v5.0
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012, v3.3
  • Safeguard Computer Security Evaluation Matrix for Microsoft Windows Server 2012 R2, v3.3
  • CIS Benchmark for Palo Alto Firewall 11, v1.0.0
  • CIS Benchmark for Palo Alto Firewall 10, v1.1.0

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Policy: Update
• CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0: Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 to update the regular expressions for CID 23756 and CID 23757, and to remove CID 29256 and re-add it.
• CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.1: Policy re-release for CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.1 to add CID 10236 and remove CIDs 10823 and 10824.
• CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0: Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 to remove CID 26413 and use CID 21451 and CID 21452 for CID 29669.
• CIS Benchmark for MacOS Safari, v2.0.0: Policy re-release for CIS Benchmark for MacOS Safari, v2.0.0 to update with Safari 18.x.
• CIS Benchmark for Oracle Linux 7, v4.0.0: Policy re-release for CIS Benchmark for Oracle Linux 7, v4.0.0 to update the regular expressions of CIDs 11641, 23756, and 23757.
• CIS Benchmark for Oracle Linux 8, v3.0.0: Policy re-release for CIS Benchmark for Oracle Linux 8, v3.0.0 to update the regular expressions of CIDs 11641, 23756, and 23757.
• CIS Benchmark for Juniper OS, v2.1.0: Policy re-release for CIS Benchmark for Juniper OS, v2.1.0 to update Junos 23.x.
• CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1: Policy re-release for CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1 to update the regular expressions for CID 11641.
• CIS Benchmark for Mozilla Firefox 102 ESR, v1.0.0: Policy re-release for CIS Benchmark for Mozilla Firefox 102 ESR, v1.0.0.
• DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14: Re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14.
• CIS Benchmark for Mozilla Firefox ESR GPO v1.0.0: Re-release for CIS Benchmark for Mozilla Firefox ESR GPO v1.0.0.
• Security Configuration and Compliance Policy for Amazon Aurora RDS – MySQL Database: Re-release for Security Configuration and Compliance Policy for Amazon Aurora RDS – MySQL Database.
• CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.3.0 MySQL RDBMS on Linux: Re-release for CIS Benchmark for Oracle MySQL Enterprise Edition 8.0, v1.3.0 MySQL RDBMS on Linux.
• CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.0.0 MySQL RDBMS on Linux: Re-release for CIS Benchmark for Oracle MySQL Community Edition 8.0, v1.0.0 MySQL RDBMS on Linux.
• CIS Benchmark for Amazon Linux STIG 2, v2.0.0: Re-release for CIS Benchmark for Amazon Linux STIG 2, v2.0.0.

Proposed Upcoming Policies

  We plan to release the following policies and updates next month: 

  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R2
  • CIS Apache Cassandra 3.11 Benchmark v1.2.0
  • CIS MongoDB 6 Benchmark v1.2.0
  • CIS MongoDB 7 Benchmark v1.1.0
  • CIS Apache Cassandra 4.0 Benchmark v1.2.0
  • CIS Apache Cassandra 4.1 Benchmark v1.1.0
  • Security Configuration & Compliance Policy for Apache Tomcat 11.x
  • CIS Benchmark for CentOS Linux 7, v4.0.0 policy
  • CIS Microsoft Windows Server 2022 STIG Benchmark v2.0.0
  • CIS Microsoft Windows Server 2019 STIG Benchmark v3.0.0
  • DISA Security Technical Implementation Guide (STIG) for MongoDB 7.x, V1R1
  • Safeguards Debian Linux 9 Audit File
  • Safeguards Debian Linux 10 Audit File
  • Safeguards Debian Linux 11 Audit File
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R1

Learn More 

Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.  

Additional Information 

Feel free to contact your TAM or Qualys Technical Support if you have questions. 

Find all policy library updates here

Check out Qualys’ updated Certification Page at CIS here.
