Policy Compliance Library Updates, June 2025
Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks like data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
The number of policies and mandates deployed in June 2025 is listed below:
CIS Benchmark Policies | 8 |
DISA STIG Policy | 3 |
Industry Best Practices Policy | 3 |
New Supported Mandates | 0 |
Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
CIS Benchmark Policies:
- CIS Benchmark for IBM i V7R5M0, v2.0.0
- CIS Amazon Elastic Kubernetes Service (EKS) Benchmark, v1.7.0
- CIS Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE) Benchmark, v1.7.0
- CIS Benchmark for IBM i V7R4M0, v2.0.0
- CIS Azure Kubernetes Service (AKS) Benchmark v1.7.0
- CIS Google Kubernetes Engine (GKE) Benchmark v1.7.0
- CIS Kubernetes Benchmark, 1.11.1
- CIS Benchmark for Microsoft IIS 10, v1.2.1, Spanish
DISA STIG Policies:
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c, V1R1
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3
Industry and Best Practices Policies:
- Security Configuration and Compliance Policy for MarkLogic
- Security Configuration and Compliance Policy for VMware Photon OS 5.x
- Security Configuration and Compliance Policy for Microsoft Azure Linux 3.x
New Supported Mandates: NA
Deprecated Mandates: NA
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
Policy | Update |
CIS Benchmark for RedHat OpenShift Container Platform, v1.7.0 | Re-release for CIS Benchmark for RedHat OpenShift Container Platform, v1.7.0 |
CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 |
CIS Benchmark for Debian Linux 12, v1.1.0 | Re-release for CIS Benchmark for Debian Linux 12, v1.1.0 |
CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0 |
NIST 800-53 Rev 4 and Rev 5 for Linux policy | Re-release to add 13376 & RHEL 10.x in NIST 800-53 Rev 4 and Rev 5 for Linux policy |
Qualys Security Configuration and Compliance Policy for Windows Active Directory | Re-release for Qualys Security Configuration and Compliance Policy for Windows Active Directory |
Security Configuration and Compliance Policy for Windows Server Certification Authority | Re-release for Security Configuration and Compliance Policy for Windows Server Certification Authority |
CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 |
CIS Benchmark for Oracle Solaris 11.4, v1.1.0 | Re-release for CIS Benchmark for Oracle Solaris 11.4, v1.1.0 to update CID 2236. |
CIS Benchmark for Oracle Linux 9, v2.0.0 | Re-release for CIS Benchmark for Oracle Linux 9, v2.0.0, to update the regular expression for the control CID 26770. |
CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 |
CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 7, v4.0.0 |
Qualys Security Configuration and Compliance Policy for Red Hat Enterprise Linux 10.x | Re-release for Qualys Security Configuration and Compliance Policy for Red Hat Enterprise Linux 10.x |
DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R4 | Re-release for DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R4 to check the regular expressions for CID 11216 |
DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 V3R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 V3R3 to check the regular expressions for CID 11216 |
DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 V2R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 V2R3 to check the regular expressions for CID 11216 |
CIS Benchmark for PostgreSQL 14, v1.2.0 | Re-release for CIS Benchmark for PostgreSQL 14, v1.2.0 |
CIS Benchmark for Oracle Database 19c Multitenant on Windows host, v1.2.0 | Re-release for CIS Benchmark for Oracle Database 19c Multitenant on Windows host, v1.2.0 to add control 12372 for the 1.1 manual requirement and add the same to the cover page. |
CIS Benchmark for Oracle Database 19c Multitenant on Linux host, v1.2.0 | Re-release for CIS Benchmark for Oracle Database 19c Multitenant on Linux host, v1.2.0 to add control 12372 for the 1.1 manual requirement and add the same to the cover page. |
CIS Benchmark for Oracle Database 19c on Windows host, v1.2.0 | Re-release for CIS Benchmark for Oracle Database 19c on Windows host, v1.2.0 to add control 12372 for the 1.1 manual requirement and add the same to the cover page. |
CIS Benchmark for Oracle Database 19c on Linux host, v1.2.0 | Re-release for CIS Benchmark for Oracle Database 19c on Linux host, v1.2.0 to add control 12372 for the 1.1 manual requirement and add the same to the cover page. |
CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.1 | Re-release for CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.1, to fix the regular expression for CID 29882. |
CIS Benchmark for Oracle Linux 9, v2.0.0 | Re-release for CIS Benchmark for Oracle Linux 9, v2.0.0 to fix the regular expression for CID 29158. |
CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 to fix the regular expression for CID 29158. |
CIS Benchmark for PostgreSQL 15, v1.1.0 | Re-release for CIS Benchmark for PostgreSQL 15, v1.1.0 |
CIS Benchmark for Microsoft Edge, v3.0.0 | Re-release for CIS Benchmark for Microsoft Edge, v3.0.0, to check the regular expression for CID 19721. |
DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9 | Re-release for DISA Security Technical Implementation Guide (STIG) for IIS 10 Site, V2R9 |
NIST 800-53 Rev 5 for Microsoft Windows | Re-release for NIST 800-53 Rev 5 for Microsoft Windows |
NIST 800-53 Rev 4 for Microsoft Windows | Re-release for NIST 800-53 Rev 4 for Microsoft Windows |
Security Configuration and Compliance Policy for Amazon Aurora RDS – MySQL Database | Re-release for Security Configuration and Compliance Policy for Amazon Aurora RDS – MySQL Database to change the inactive status of 9239. |
CIS IBM AIX 7.2 Benchmark, v1.1.0 | Re-release for CIS IBM AIX 7.2 Benchmark, v1.1.0 to replace the CID 1141. |
CIS IBM AIX 7.1 Benchmark, v2.1.0 | Re-release for CIS IBM AIX 7.1 Benchmark, v2.1.0 to replace the CID 1141. |
CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8 STIG, v1.0.0 to fix the regular expressions for CIDs 4990, 5081, 19880. |
CIS Benchmark for Debian Linux 10, v2.0.0 | Re-release for CIS Benchmark for Debian Linux 10, v2.0.0 |
CIS Debian Linux 11 STIG Benchmark v1.0.0 | Re-release for CIS Debian Linux 11 STIG Benchmark v1.0.0 |
CIS Benchmark for Debian Linux 11, v1.0.0 | Re-release for CIS Benchmark for Debian Linux 11, v1.0.0 |
CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.2.0 | Re-release for CIS Benchmark for Ubuntu Linux 18.04 LTS, v2.2.0 |
CIS Benchmark for Ubuntu Linux 20.04 LTS, v3.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 20.04 LTS, v3.0.0 |
CIS Ubuntu Linux 20.04 LTS STIG, v2.0.0 | Re-release for CIS Ubuntu Linux 20.04 LTS STIG, v2.0.0 |
DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3 |
Deprecated Policies
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R3
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R2
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS Benchmark for Oracle Linux 7, v4.0.0
- CIS FreeBSD 14 Benchmark, v1.0.1
- CIS IBM AIX 7 Benchmark v1.0.0
- CIS PostgreSQL 17 Benchmark, v1.0.0
- Microsoft Security baseline for Windows Server 2025
- CIS Microsoft SQL Server 2019 Benchmark, v1.5.0
- DISA Security Technical Implementation Guide (STIG) for Oracle Linux 9 – Ver 1, Rel 1
- DISA Security Technical Implementation Guide (STIG) for Kubernetes – Ver 2, Rel 3
- CIS Benchmark for Cisco IOS XE 17.x, v2.1.1
- CIS Benchmark for Cisco IOS XE 16.x, v2.1.0
- CIS Benchmark for Cisco IOS 15, V4.1.1
- CIS Benchmark for Cisco IOS 12, V4.0.0
- DISA STIG for Microsoft Windows 2022, V2R4
- DISA STIG for Microsoft Windows 2019, V3R4
- CIS Rocky Linux 8 Benchmark 2.0.0
- CIS AlmaLinux OS 8 Benchmark 3.0.0
- CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 to update the regular expressions for CID 10823
- CID in Junos Technology
Learn More
Discover how Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.