Policy Compliance Library Updates, February 2025 

Vaishali Kulkarni
Vaishali Kulkarni
- 11 min read

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations most used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS security guidelines from OS and application vendors, and other industry best practices. 

Qualys’ Certification Page at CIS has been updated.  

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmarks policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. This reduces the risk of cyberattacks like data breaches by leveraging industry best practices.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). This equips them with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfiguration and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

It typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks safeguarding sensitive data and ensuring privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

Listed below are the number of policies and mandates deployed in February 2025: 

CIS Benchmark Policies 9
DISA STIG Policy 2
Industry Best Practices Policy 2
New Supported Mandates 
Deprecated Mandates 

Listed below are the newly published policies and mandates:  

CIS Benchmark Policies • CIS Benchmark for Apache Cassandra 3.11, v1.2.0
• CIS Benchmark for MongoDB 6, v1.2.0
• CIS Benchmark for MongoDB 7, v1.1.0
• CIS Benchmark for Apache Cassandra 4.0, v1.2.0
• CIS Benchmark for Apache Cassandra 4.1, v1.1.0
• CIS Benchmark for Microsoft Windows Server 2022 STIG, v2.0.0
• CIS Benchmark for Microsoft Windows Server 2019 STIG, v3.0.0
• CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0
• CIS Apple macOS 12.0 Monterey Benchmark v4.0.0
DISA STIG Policies • DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R2
• DISA Security Technical Implementation Guide (STIG) for MongoDB Enterprise Advanced 7.x, V1R1
Industry and Best Practices Policies • Safeguard Computer Security Evaluation Matrix for Debian Linux 10, v.2.0
• Safeguard Computer Security Evaluation Matrix for Debian Linux 11, v.2.0
New Supported Mandates 
Deprecated mandates 

Deprecated Policies 

  • Security Configuration and Compliance Policy for Apache Cassandra 3.x
  • CIS Benchmark for MongoDB 6, v1.1.0
  • CIS Benchmark for MongoDB 7, v1.0.0
  • Security Configuration and Compliance Policy for Apache Cassandra 4
  • CIS Benchmark for Microsoft Windows Server 2022 STIG, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2019 STIG, v2.0.0
  • Safeguard Computer Security Evaluation Matrix for Debian Linux 10, v.1.3
  • DISA Apache Tomcat Application Server 9 Security Technical Implementation Guide
  • DISA Red Hat JBoss Enterprise Application Platform (EAP) 6.3 STIG
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 13 (Ventura)
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x L2S
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x NDM
  • DISA Security Technical Implementation Guide (STIG) for Arista MLS EOS 4.2x Router
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA Firewall
  • DISA Security Technical Implementation Guide (STIG) for Cisco ASA VPN
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch L2S
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch RTR
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch L2S
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S
  • DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL
  • DISA Security Technical Implementation Guide (STIG) for Google Chrome
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Server
  • DISA Security Technical Implementation Guide (STIG) for IIS 10 Site
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR
  • DISA Security Technical Implementation Guide (STIG) for MariaDB 10.x
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS
  • DISA Security Technical Implementation Guide (STIG) for NetApp ONTAP DSC 9.x
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 6
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8
  • DISA Security Technical Implementation Guide (STIG) for Oracle MySQL 8.0
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x
  • DISA Security Technical Implementation Guide (STIG) for Windows 10,V2R9
  • CIS Benchmark for Ubuntu Linux 22.04 LTS, v1.0.0
  • CIS Apple macOS 12.0 Monterey Benchmark v3.0.0

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Policy Update  
CIS Benchmark for Oracle Linux 9, v2.0.0Policy re-release for CIS Benchmark for Oracle Linux 9, v2.0.0 to update CID 23747.
CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0Policy re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 to update CID 23747.
CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0Policy re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 to update CID 23747.
CIS Benchmark for CentOS Linux 7, v4.0.0Policy re-release for CIS Benchmark for CentOS Linux 7, v4.0.0 to perform the following actions to the policy
• To add CID 10823 and 29158
• To remove  8889, 22115
• To update the regular expressions of 14598, 14608, 14609
Security Configuration and Compliance Policy for Zoom Client on Windows Remote Endpoints  Policy re-release of Security Configuration and Compliance Policy for Zoom Client on Windows Remote Endpoints to add Windows 11.
CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.1Policy re-release of CIS Benchmark for SUSE Linux Enterprise 15.x, v1.1.1 to update & remove CIS ref 1.1.11.b from CID 13245
CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0Policy re-release CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0 to update & remove CIS ref 1.7.1.4.a, 1.7.1.4.b from CID 11485, 11486
CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0Re-release for CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0 to
• Update & remove CID 17669 
• Update & remove incorrect CIS ref from CID’s 10155, 10156, 11329, 18599, 18600 
CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1Re-release for CIS Benchmark for Ubuntu Linux 20.04 LTS, v2.0.1.
CIS Benchmark for Oracle Linux 7, v4.0.0Re-release for  CIS Benchmark for Oracle Linux 7, v4.0.0 to replace CID 10847 with 21475.
CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 to remove CID 10860 and update the control reference for CID 13243.
CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 to add CID 10823 update regular expression for CID 10860.
CIS Benchmark for ISC BIND DNS Server 9.11, v1.0.0Re-release for CIS Benchmark for ISC BIND DNS Server 9.11, v1.0.0
CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0Re-release for CIS Benchmark for Microsoft Windows 11 Enterprise, v3.0.0
CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 to update the regular expressions of CID 28295, 29358, and 26437.
CIS Benchmark for Fortigate 7.0.x, v1.3.0Re-release for CIS Benchmark for Fortigate 7.0.x, v1.3.0 to update the regular expressions for CID 10254 and 11872.
CIS and DISA policy with IBM WebSphere Liberty 24.xRe-release for CIS and DISA policy with IBM WebSphere Liberty 24.x
CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0Re-release for CIS Benchmark for SUSE Linux Enterprise 12.x, v3.1.0 to update the regular expressions for CID 7451.
CIS Benchmark for Alma Linux 9, v1.0.0Re-release for CIS Benchmark for Alma Linux 9, v1.0.0 to
• Update the regular expressions for CID 12242, 22686
• Remove CID 10673
• Add 27268, 27269, 5044, 5045, 27274, 27275, 27276, 27277, 27281, 27282, 27283, 27284, 6196, 6197, 27575, 27576, 27272, 27273, 28553, 29225, 29226, 29227, 29435, 1752, 1766, 4958, 4967, 4968, 5008, 5011
CIS Benchmark for Cisco Firewall ASA 9.x, v1.1.0Re-release for CIS Benchmark for Cisco Firewall ASA 9.x, v1.1.0 to update the regular expressions for CID 8533.

Proposed Upcoming Policies

  We plan to release the following policies and updates next month: 

  • CIS Ubuntu Linux 20.04 LTS STIG Benchmark v2.0.0
  • CIS AlmaLinux OS 9 Benchmark v2.0.0
  • CIS Rocky Linux 9 Benchmark v2.0.0
  • CIS Apache Tomcat 10.1 Benchmark v1.0.0
  • CIS MariaDB 10.11 Benchmark v1.0.0
  • CIS MariaDB 10.6 Benchmark v1.1.0
  • CIS SUSE Linux Enterprise 12 Benchmark v3.2.0
  • CIS Microsoft Windows Server 2016 STIG Benchmark v3.0.0
  • Security Configuration & Compliance Policy for Apache Tomcat 11.x
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for Windows, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch RTR, V3R3
  • DISA Security Technical Implementation Guide (STIG) for MariaDB 10.x, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks IDPS, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R3
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022, MS V2R3
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 8.0, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft DotNet Framework 4.0, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019, MS V3R3
  • DISA Security Technical Implementation Guide (STIG) for Windows 10,V3R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Mailbox Server, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2016 Edge Transport Server, V2R6
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V3R2
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus, V3R2
  • CIS SUSE Linux Enterprise 15 Benchmark v2.0.0
  • CIS Oracle MySQL Community Server 8.4 Benchmark v1.0.0
  • CIS Oracle MySQL Enterprise Edition 8.4 Benchmark v1.0.0
  • Safeguards Apache 2.4 Audit File
  • Safeguards CheckPoint Firewall Audit File
  • Security Configuration and Compliance Policy for Huawei VRP OS 8.x
  • DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 22.04 LTS STIG, Ver 2, Rel 3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SharePoint 2013 STIG, Ver 2, Rel 4
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch STIG NDM, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router STIG NDM, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router STIG RTR, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router STIG NDM, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router STIG Router, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022, DC V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019, DC V3R3
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere 8.0 Virtual Machine, V2R1
  • DISA Security Technical Implementation Guide (STIG) for VMware vSphere ESXi 8.0, V2R1
  • CIS Kubernetes Benchmark v1.10.0
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3

Learn More 

Discover how Qualys Enterprise TruRisk Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more here.  

Additional Information 

Feel free to contact your TAM or Qualys Technical Support if you have questions. 

Find all policy library updates here

Check out Qualys’ updated Certification Page at CIS here.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *