Policy Compliance Library Updates, July 2025
Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks like data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below is the number of policies and mandates deployed in July 2025:
| CIS Benchmark Policies | 7 |
| DISA STIG Policy | 5 |
| Industry Best Practices Policy | 1 |
| New Supported Mandates | 2 |
| Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | • CIS Benchmark for IBM AIX 7, v1.0.0 • CIS Benchmark for PostgreSQL 17, v1.0.0 • CIS Benchmark for Debian Linux 11, v2.0.0 • CIS Benchmark for FreeBSD 14, v1.0.1 • CIS Benchmark for Oracle Database 23ai, v1.0.0 • CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0 • CIS Benchmark for Microsoft SQL Server 2019, v1.5.0 |
| DISA STIG Policies | • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V2R4 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 DC, V3R4 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 MS, V3R4 • DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS, V2R4 • DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Liberty Server – Ver 2 Rel 2. |
| Industry and Best Practices Policies | Microsoft Security Baseline for Windows Server 2025 |
| New Supported Mandates | • Swift Customer Security Controls Framework v2025 • Customer Security Programme ver 2025 |
| Deprecated mandates | NA |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Benchmark for Cisco IOS 15, V4.1.1 | Re-release for CIS Benchmark for Cisco IOS 15, V4.1.1. |
| CIS Benchmark for Cisco IOS 12, V4.0.0 | Re-release for CIS Benchmark for Cisco IOS 12, V4.0.0. |
| CIS Benchmark for Alma Linux 8 v3.0.0 | Re-release for CIS Benchmark for Alma Linux 8 v3.0.0. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0, to replace CID 10170 with CID 29164. |
| CIS Benchmark for Juniper OS, v2.1.0 | Re-release for CIS Benchmark for Juniper OS, v2.1.0, to replace CID 8769 with new CID 30526. |
| CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 to remove and re-add the CID 29256. |
| CIS Benchmark for RedHat OpenShift Container Platform, v1.7.0 | Re-release for CIS Benchmark for RedHat OpenShift Container Platform, v1.7.0, to update the cardinality and the regular expression of CID 27798. |
| CIS Benchmark for PostgreSQL 14, v1.2.0 | Re-release for CIS Benchmark for PostgreSQL 14, v1.2.0 to replace 14190 with 30562. |
| CIS Benchmark for Oracle Linux 8, v3.0.0 | Re-release for CIS Benchmark for Oracle Linux 8, v3.0.0 to fix the regular expression for CID 29158. |
| CIS Benchmark for Apache HTTP Server 2.4, v2.2.0 | Re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.2.0 to add CID 29815 for the CIS Reference 5.12 in the policy. |
| CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 to replace CID 4390 with 4388. |
| CIS Benchmark for Amazon Linux 2, v3.0.0 | Re-release for CIS Benchmark for Amazon Linux 2, v3.0.0, to fix the regular expression for CID 16066 and update the regular expression for CID 20647. |
| Qualys Security Configuration and Compliance Policy for Windows Active Directory | Re-release to add Windows 2022 and Windows 2025 Active Directory to Qualys Security Configuration and Compliance Policy for Windows Active Directory. |
| CIS Benchmark for Amazon Linux 2, STIG v2.0.0 | Re-release for CIS Benchmark for Amazon Linux 2, STIG v2.0.0. |
| CIS Benchmark for AlmaLinux OS 8, v3.0.0 | Re-release for CIS Benchmark for AlmaLinux OS 8, v3.0.0 |
| CIS Benchmark for Debian Linux 12, v1.1.0 | Re-release for CIS Benchmark for Debian Linux 12, v1.1.0. |
| CIS Benchmark for Rocky Linux 8, 2.0.0 | Re-release for CIS Benchmark for Rocky Linux 8, 2.0.0. |
| CIS Oracle MySQL Enterprise Edition and MySQL community server 8.4 | Re-release for CIS Oracle MySQL Enterprise Edition and MySQL community server 8.4 to add L1 policies. |
| CIS Benchmark for Cisco IOS 15, V4.1.1 | Re-release for CIS Benchmark for Cisco IOS 15, V4.1.1. |
| Best Practice Controls for Malware/Ransomware Prevention | Re-release to add Windows 2025 and VM ESXi 8 in Best Practice Controls for Malware/Ransomware Prevention |
| DISA STIG IIS 10 V3R1 | Re-release for DISA STIG IIS 10 V3R1 |
| CIS Ubuntu Linux 24 LTS, v1.0.0 | Re-release fixes for CIS Ubuntu Linux 24 LTS, v1.0.0 |
| CIS Benchmark for Cisco IOS 12, V4.0.0 | Re-release CIS Benchmark for Cisco IOS 12, V4.0.0 |
| Top 10 ATT&CK Techniques Ransomware policy for Windows | Re-release for Top 10 ATT&CK Techniques Ransomware policy for Windows |
| CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 |
| DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL | Re-release for DISA Security Technical Implementation Guide (STIG) for Crunchy Data PostgreSQL |
| Qualys Security Configuration and Compliance Policy for Windows Active Directory | Re-release for Qualys Security Configuration and Compliance Policy for Windows Active Directory |
| CISA Top Ten Cybersecurity Misconfigurations for Windows | Re-release for CISA Top Ten Cybersecurity Misconfigurations for Windows |
| CIS IBM AIX 7.2 Benchmark, v1.1.0 | Re-release for CIS IBM AIX 7.2 Benchmark, v1.1.0 |
Deprecated Policies
- CIS Benchmark for Microsoft SQL Server 2019, v1.4.0
- CIS Benchmark for Microsoft SQL Server 2019, v1.3.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 DC, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 MS, V2R3
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS Microsoft Intune for Office Benchmark v1.1.0
- CIS Red Hat Enterprise Linux 8 STIG Benchmark, v2.0.0
- CIS Benchmark for CentOS Linux 8, v2.0.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Edge server, V2R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Mailbox Server, V2R2
- CIS Microsoft Intune for Windows 11 Benchmark, v4.0.0
- CIS Ubuntu Linux 22.04 LTS STIG Benchmark, 1.0.0
- DISA Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 1
- CIS Microsoft SQL Server 2022 Benchmark, v1.2.0
- DISA STIG for Aruba Networking AOS NDM, V1R1
- DISA STIG for Aruba Networking AOS VPN, V1R1
- DISA STIG for Aruba Networking AOS Wireless, V1R1
- CIS Microsoft Windows Server 2019 Benchmark, v4.0.0
- CIS Benchmark for SUSE Linux Enterprise 12.x, v3.2.0
- CIS Cisco IOS XE 16.x Benchmark, v2.2.0
- CIS Microsoft Windows 10 Enterprise Benchmark v4.0.0
- CIS Microsoft Windows Server 2022 Benchmark v4.0.0
Learn More
Discover how the Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.