Policy Compliance Library Updates, May 2025
Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks like data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
The number of policies and mandates deployed in May 2025 is listed below:
CIS Benchmark Policies | 10 |
DISA STIG Policy | 2 |
Industry Best Practices Policy | 2 |
New Supported Mandates | 3 |
Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
CIS Benchmark Policies:
- CIS Benchmark for Google Container-Optimized OS, v1.2.0
- CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.1
- CIS Benchmark for Microsoft Windows Server 2008 (non-R2), v3.3.1
- CIS Benchmark for Cisco NX-OS, V1.2.0
- CIS Benchmark for VMware ESXi 8.0, V1.2.0
- CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0
- CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.1
- CIS Benchmark for Microsoft IIS 10, v1.2.1, Spanish
- CIS Microsoft Windows 11 Enterprise Benchmark, v4.0.0
- CIS Ubuntu Linux 20.04 LTS Benchmark, v3.0.0
DISA STIG Policies:
- DISA Security Technical Implementation Guide (STIG) for Enterprise Linux 8, V2R3
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V3R2
Industry Best Practices Policies:
- ASD ACSC’s Essential Eight Maturity Model for Hardening Microsoft 365, Office 2021, Office 2019, and Office 2016
- Security Configuration and Compliance Policy for Nutanix Prism Central
New Supported Mandates:
- Trusted Information Security Assessment Exchange (TISAX) ISA v6
- NCA-Data Cybersecurity Controls
- Protection Profile for Application Software, Version 1.4
Deprecated Mandates: NA
Deprecated Policies
- CIS Benchmark for Google Container-Optimized OS, v1.1.0
- CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.0
- CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.3.0
- CIS Benchmark for Cisco NX-OS, V1.1.0
- CIS Benchmark for VMware ESXi 8.0, V1.1.0
- DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R1
- CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.0
- DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V3R1
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
Policy | Update |
CIS Benchmark for Debian Linux 11, v1.0.0 | Policy re-release for CIS Benchmark for Debian Linux 11, v1.0.0 to update the regular expression for CID 13244. |
CIS Benchmark for NGINX v2.1.0 | Policy re-release for CIS Benchmark for NGINX v2.1.0 |
CIS Benchmark for Cisco IOS 15, V4.1.1 | Policy re-release for CIS Benchmark for Cisco IOS 15, V4.1.1 to replace CID 4394 with CID 8969. |
DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R2 | Policy re-release for DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R2 to update the regular expression for CID 29141. |
CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Policy re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 to update CID 23814. |
CIS Benchmark for Microsoft Windows Server 2025, v1.0.0 | Policy re-release for CIS Benchmark for Microsoft Windows Server 2025, v1.0.0. |
CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 to update the regular expressions. |
CIS Benchmark for Oracle Linux 7, v4.0.0 | Re-release for CIS Benchmark for Oracle Linux 7, v4.0.0 to replace 20647 with 27846. |
CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 to replace 25478 and 25490 with 28818 and 28819. |
CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1 | Re-release for CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1 |
CIS Benchmark for Oracle Linux 8, v3.0.0 | Re-release for CIS Benchmark for Oracle Linux 8, v3.0.0 to replace 12406, 8771, and 1203 with 29417, 29418, 29419, 29420, 29421, 29422, 29427, 29428, 29429, 29430, 29431, 29432, 29433, 29434, 29436. |
CIS IBM WebSphere Liberty Benchmark v1.0.0 | Re-release for CIS IBM WebSphere Liberty Benchmark v1.0.0 to update the regular expression for CID 24295. |
CIS Benchmark for Apache Tomcat 11, v1.0.0 | Re-release for CIS Benchmark for Apache Tomcat 11, v1.0.0. |
CIS Benchmark for Apache Tomcat 10.1, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 10.1, v1.1.0. |
CIS Benchmark for Apache Tomcat 10, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 10, v1.1.0. |
CIS Benchmark for Apache Tomcat 9, v1.2.0 | Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0. |
CIS Benchmark for Apache Tomcat 8, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 8, v1.1.0. |
CIS Benchmark for Apache Tomcat 7 v.1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 7 v.1.1.0. |
CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0 | Re-release for CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0. |
CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0. |
CIS IBM AIX 7 Benchmark v1.0.0 | Re-release for CIS IBM AIX 7 Benchmark v1.0.0 |
CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 |
CIS Benchmark for Cisco IOS 12, V4.0.0 | Re-release for CIS Benchmark for Cisco IOS 12, V4.0.0 to update the regular expression for CID 18779, CID 4361, CID 4363, and CID 4394. |
CIS Benchmark for Cisco IOS XE 17.x, v2.1.1 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.1.1 to update the regular expression for CID 4364. |
CIS Benchmark for Cisco IOS 15, V4.1.1 | Re-release for CIS Benchmark for Cisco IOS 15, V4.1.1 to update the regular expression for CID 18779. |
CIS Benchmark for Palo Alto Firewall 11, v1.0.0 | Re-release for CIS Benchmark for Palo Alto Firewall 11, v1.0.0. |
CIS Benchmark for Mozilla Firefox ESR GPO v1.0.0 | Re-release for CIS Benchmark for Mozilla Firefox ESR GPO v1.0.0. |
CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 | Re-release for CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 to change the regular expressions. |
Microsoft SQL Policy | Re-release for Microsoft SQL Policy to change the regular expression of 9909. |
CIS Benchmark for Cisco IOS XE 17.x, v2.1.1 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.1.1. |
CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 | Re-release for CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 |
CIS Benchmark for Cisco IOS 15, V4.1.1 | Re-release for CIS Benchmark for Cisco IOS 15, V4.1.1. |
CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 to replace 21426 with 29403 and 12754 with 20569. |
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS IBM i V7R5M0 Benchmark v2.0.0
- CIS IBM i V7R4M0 Benchmark v2.0.0
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3
- CIS FreeBSD 14 Benchmark, v1.0.1
- CIS IBM AIX 7 Benchmark v1.0.0
- CIS Oracle Database 23ai Benchmark, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c STIG, V1R1
- Microsoft Security baseline for Windows Server 2025
- CIS Microsoft SQL Server 2019 Benchmark, v1.5.0
- Security configuration and compliance policy for MarkLogic
- Security configuration and compliance policy for VMware Photon OS 5.x
Learn More
Discover how the Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.