Policy Compliance Library Updates, May 2025

Vaishali Kulkarni

Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.

Qualys’ Certification Page on the CIS website has also been updated.  

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks like data breaches.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

Listed below is the number of policies and mandates deployed in May 2025:

  • CIS Benchmark Policies: 10
  • DISA STIG Policy: 2
  • Industry Best Practices Policy: 2
  • New Supported Mandates: 3
  • Deprecated Mandates: 0

Listed below are the newly published policies and mandates:  

CIS Benchmark Policies:

  • CIS Benchmark for Google Container-Optimized OS, v1.2.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.1
  • CIS Benchmark for Microsoft Windows Server 2008 (non-R2), v3.3.1
  • CIS Benchmark for Cisco NX-OS, V1.2.0
  • CIS Benchmark for VMware ESXi 8.0, V1.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0
  • CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.1
  • CIS Benchmark for Microsoft IIS 10, v1.2.1, Spanish
  • CIS Microsoft Windows 11 Enterprise Benchmark, v4.0.0
  • CIS Ubuntu Linux 20.04 LTS Benchmark, v3.0.0

DISA STIG Policies:

  • DISA Security Technical Implementation Guide (STIG) for Enterprise Linux 8, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V3R2

Industry Best Practices Policies:

  • ASD ACSC’s Essential Eight Maturity Model for Hardening Microsoft 365, Office 2021, Office 2019, and Office 2016
  • Security Configuration and Compliance Policy for Nutanix Prism Central

New Supported Mandates:

  • Trusted Information Security Assessment Exchange (TISAX) ISA v6
  • NCA-Data Cybersecurity Controls
  • Protection Profile for Application Software, Version 1.4

Deprecated Mandates: NA

Deprecated Policies

  • CIS Benchmark for Google Container-Optimized OS, v1.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.0
  • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.3.0
  • CIS Benchmark for Cisco NX-OS, V1.1.0
  • CIS Benchmark for VMware ESXi 8.0, V1.1.0
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R1
  • CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.0
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Server for UNIX, V3R1

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Policy: Update

  • CIS Benchmark for Debian Linux 11, v1.0.0: Policy re-release for CIS Benchmark for Debian Linux 11, v1.0.0 to update the regular expression for CID 13244.
  • CIS Benchmark for NGINX v2.1.0: Policy re-release for CIS Benchmark for NGINX v2.1.0.
  • CIS Benchmark for Cisco IOS 15, V4.1.1: Policy re-release for CIS Benchmark for Cisco IOS 15, V4.1.1 to replace CID 4394 by CID 8969.
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R2: Policy re-release for DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R2 to update the regular expression for CID 29141.
  • CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0: Policy re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 to update CID 23814.
  • CIS Benchmark for Microsoft Windows Server 2025, v1.0.0: Policy re-release for CIS Benchmark for Microsoft Windows Server 2025, v1.0.0.
  • CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 to update the regular expressions.
  • CIS Benchmark for Oracle Linux 7, v4.0.0: Re-release for CIS Benchmark for Oracle Linux 7, v4.0.0 to replace 20647 with 27846.
  • CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 to replace 25478 and 25490 with 28818 and 28819.
  • CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1: Re-release for CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1.
  • CIS Benchmark for Oracle Linux 8, v3.0.0: Re-release for CIS Benchmark for Oracle Linux 8, v3.0.0 to replace 12406, 8771, and 1203 with 29417, 29418, 29419, 29420, 29421, 29422, 29427, 29428, 29429, 29430, 29431, 29432, 29433, 29434, 29436.
  • CIS IBM WebSphere Liberty Benchmark v1.0.0: Re-release for CIS IBM WebSphere Liberty Benchmark v1.0.0 to update the regular expression for CID 24295.
  • CIS Benchmark for Apache Tomcat 11, v1.0.0: Re-release for CIS Benchmark for Apache Tomcat 11, v1.0.0.
  • CIS Benchmark for Apache Tomcat 10.1, v1.1.0: Re-release for CIS Benchmark for Apache Tomcat 10.1, v1.1.0.
  • CIS Benchmark for Apache Tomcat 10, v1.1.0: Re-release for CIS Benchmark for Apache Tomcat 10, v1.1.0.
  • CIS Benchmark for Apache Tomcat 9, v1.2.0: Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0.
  • CIS Benchmark for Apache Tomcat 8, v1.1.0: Re-release for CIS Benchmark for Apache Tomcat 8, v1.1.0.
  • CIS Benchmark for Apache Tomcat 7 v.1.1.0: Re-release for CIS Benchmark for Apache Tomcat 7 v.1.1.0.
  • CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0: Re-release for CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0.
  • CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0.
  • CIS IBM AIX 7 Benchmark v1.0.0: Re-release for CIS IBM AIX 7 Benchmark v1.0.0.
  • CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0.
  • CIS Benchmark for Cisco IOS 12, V4.0.0: Re-release for CIS Benchmark for Cisco IOS 12, V4.0.0 to update the regular expression for CID 18779, CID 4361, CID 4363, and CID 4394.
  • CIS Benchmark for Cisco IOS XE 17.x, v2.1.1: Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.1.1 to update the regular expression for CID 4364.
  • CIS Benchmark for Cisco IOS 15, V4.1.1: Re-release for CIS Benchmark for Cisco IOS 15, V4.1.1 to update the regular expression for CID 18779.
  • CIS Benchmark for Palo Alto Firewall 11, v1.0.0: Re-release for CIS Benchmark for Palo Alto Firewall 11, v1.0.0.
  • CIS Benchmark for Mozilla Firefox ESR GPO v1.0.0: Re-release for CIS Benchmark for Mozilla Firefox ESR GPO v1.0.0.
  • CIS Benchmark for Cisco IOS XE 16.x, v2.1.0: Re-release for CIS Benchmark for Cisco IOS XE 16.x, v2.1.0 to change the regular expressions.
  • Microsoft SQL Policy: Re-release for Microsoft SQL Policy to change the regular expression of 9909.
  • CIS Benchmark for Cisco IOS XE 17.x, v2.1.1: Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.1.1.
  • CIS Benchmark for Cisco IOS XE 16.x, v2.1.0: Re-release for CIS Benchmark for Cisco IOS XE 16.x, v2.1.0.
  • CIS Benchmark for Cisco IOS 15, V4.1.1: Re-release for CIS Benchmark for Cisco IOS 15, V4.1.1.
  • CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0: Re-release for CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 to replace 21426 with 29403 and 12754 with 20569.

Proposed Upcoming Policies

We plan to release the following policies and updates next month: 

  • CIS IBM i V7R5M0 Benchmark v2.0.0
  • CIS IBM i V7R4M0 Benchmark v2.0.0
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R3
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3
  • CIS FreeBSD 14 Benchmark, v1.0.1
  • CIS IBM AIX 7 Benchmark v1.0.0
  • CIS Oracle Database 23ai Benchmark, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c STIG, V1R1
  • Microsoft Security baseline for Windows Server 2025
  • CIS Microsoft SQL Server 2019 Benchmark, v1.5.0
  • Security configuration and compliance policy for MarkLogic
  • Security configuration and compliance policy for VMware Photon OS 5.x

Learn More 

Discover how Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.

Additional Information 

Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions. 

What’s More:

  • Find all policy library updates here
  • Check out Qualys’ updated Certification Page at CIS here.
