Policy Compliance Library Updates, August 2025
Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
The SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below is the number of policies and mandates deployed in August 2025:
| CIS Benchmark Policies | 10 |
| DISA STIG Policy | 1 |
| Industry Best Practices Policy | 1 |
| New Supported Mandates | 0 |
| Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | • CIS Benchmark for Microsoft Intune Office Enterprise, v1.1.0 • CIS Benchmark for Microsoft Windows 10 Enterprise, v4.0.0 • CIS Benchmark for Cisco IOS XE 16.x, v2.2.0 • CIS Red Hat Enterprise Linux 9 STIG Benchmark, v1.0.0 • CIS Microsoft Windows 11 Stand-alone Benchmark v4.0.0 • CIS Microsoft SQL Server 2022 Benchmark, v1.2.0 • CIS Microsoft Windows Server 2019 Benchmark, v4.0.0 • CIS Red Hat OpenShift Container Platform Benchmark 1.8.0 • CIS Apple macOS 15.0 Sequoia Cloud-tailored Benchmark, v1.0.0 • CIS Microsoft Windows Server 2019 Stand-alone, v3.0.0 |
| DISA STIG Policies | DISA Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 1 |
| Industry and Best Practices Policies | Security Configuration and Compliance Policy for IBM VIOS 4.x |
| New Supported Mandates | NA |
| Deprecated mandates | NA |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Benchmark for Debian Linux 12, v1.1.0 | Re-release for CIS Benchmark for Debian Linux 12, v1.1.0. |
| CIS Benchmark for Apache Tomcat 9, v1.2.0 | Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0, to update the regular expressions of CID 9615 and 10698. |
| CIS Benchmark for Apache Tomcat 10.1, v1.1.0 | Re-release for CIS Benchmark for Apache Tomcat 10.1, v1.1.0, to update the regular expressions of CID 9615 and 10698. |
| CIS Benchmark for Apache Tomcat 10, v1.0.0 | Re-release for CIS Benchmark for Apache Tomcat 10, v1.0.0, to update the regular expressions of CID 9615 and 10698. |
| CIS Benchmark for Apache Tomcat 11, v1.0.0 | Re-release for CIS Benchmark for Apache Tomcat 11, v1.0.0, to update the regular expressions of CID 9615 and 10698. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0, to replace the CIDs 29438 and 29442 with CID 30909. |
| CIS Benchmark for Cisco IOS 12, V4.0.0 | Re-release for CIS Benchmark for Cisco IOS 12, V4.0.0, to update the regular expressions for CID 4408. |
| CIS IBM AIX 7.1 Benchmark, v2.1.0 | Re-release for CIS IBM AIX 7.1 Benchmark, v2.1.0, to replace CIDs 3947 and 5168 with CID 27887. |
| CIS IBM AIX 7.2 Benchmark, v1.1.0 | Re-release for CIS IBM AIX 7.2 Benchmark, v1.1.0, to replace CIDs 3947 and 5168 with CID 27887. |
| Top 10 ATT&CK Techniques Ransomware policy for Windows | Re-release the top 10 ATT&CK Techniques Ransomware policy for Windows to add a ransomware label. |
| CIS Benchmark for Amazon Linux 2023, v1.0.0 | Re-release for CIS Benchmark for Amazon Linux 2023, v1.0.0, to update the regular expression of CID 17132. |
| CIS Benchmark for VMware ESXi 8.0, V1.2.0 | Re-release for CIS Benchmark for VMware ESXi 8.0, V1.2.0, to update the regular expressions for CID 8976, 8983, 8982. |
| CIS Benchmark for FortiGate 7.0.x, v1.3.0 | Re-release CIS Benchmark for FortiGate 7.0.x, v1.3.0 to replace CID 25239 with CID 30912. |
| CIS Benchmark for Debian Linux 11, v2.0.0 | Re-release for CIS Benchmark for Debian Linux 11, v2.0.0, to replace CID 11487 with CID 30911. |
| CIS Benchmark for Ubuntu Linux 20.04 LTS, v3.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 20.04 LTS, v3.0.0, to replace CID 11487 with CID 30911. |
| CIS Ubuntu Linux 20.04 LTS STIG, v2.0.0 | Re-release for CIS Ubuntu Linux 20.04 LTS STIG, v2.0.0, to replace CID 11487 with CID 30911. |
| CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 22.04 LTS, v2.0.0, to replace CID 11487 with CID 30911 and provide a fix for CIDs 11325 and 14159. |
| CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0, to replace CID 11487 with CID 30911. |
| CIS Apple macOS 12.0 Monterey Benchmark v4.0.0 | Re-release for CIS Apple macOS 12.0 Monterey Benchmark v4.0.0 to update CID 27027. |
| CIS Benchmark for Apple macOS 13 Ventura v3.0.0 | Re-release for CIS Benchmark for Apple macOS 13 Ventura v3.0.0 to update CID 27027. |
| CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0 | Re-release for CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0 to update CID 27027. |
| CIS Benchmark for Apple macOS 15 Sequoia v1.0.0 | Re-release for CIS Benchmark for Apple macOS 15 Sequoia v1.0.0 to update CID 27027. |
| CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0. |
| CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.1 | Re-release for CIS Benchmark for SUSE Linux Enterprise 15.x, v2.0.1. |
| CIS Benchmark for Palo Alto Firewall 11, v1.1.0 | Re-release for CIS Benchmark for Palo Alto Firewall 11, v1.1.0. |
| CIS Benchmark for Palo Alto Firewall 10, v1.2.0 | Re-release for CIS Benchmark for Palo Alto Firewall 10, v1.2.0. |
| CIS Apache HTTP Server 2.4 v2.2.0 | Re-release for CIS Apache HTTP Server 2.4 v2.2.0. |
| US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Windows v.1.0 | Re-release for US Cybersecurity Maturity Model Certification (CMMC) v2.0, Level 2 for Windows v.1.0 to update the regular expression of CID 5241. |
| CIS Benchmark for Docker, v1.7.0 | Re-release for CIS Benchmark for Docker, v1.7.0, to update the regular expression of CID 1848. |
| CIS Benchmark for Cisco IOS XE 17.x, v2.2.0 | Re-release for CIS Benchmark for Cisco IOS XE 17.x, v2.2.0, to update the regular expression of CID 5241. |
| DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R4 | Re-release for DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R4, to update the CID 19626. |
| CIS Apache Tomcat 10.1 v1.1.0 | Re-release for CIS Apache Tomcat 10.1 v1.1.0 to activate the controls – CID 9480, CID 20349, CID 9551, CID 9552, CID 9553, CID 9559, CID 24147, CID 24148, CID 9563, CID 11382, CID 10698, CID 10702, CID 10703. |
| Security Configuration and Compliance Policy for PaloAlto Networks Panorama | Re-release for Security Configuration and Compliance Policy for PaloAlto Networks Panorama. |
| DISA STIG for Microsoft Windows Server 2019, V3R4 | Re-release for DISA STIG for Microsoft Windows Server 2019, V3R4, to update the regular expressions for CID 2109 & CID 3765. |
| CIS Benchmark for Microsoft IIS 10, v1.2.1 | Re-release for CIS Benchmark for Microsoft IIS 10, v1.2.1. |
Deprecated Policies
- CIS Benchmark for Apple macOS 14 Sonoma, v1.0.0
- CIS Benchmark for Cisco IOS XE 16.x, v2.1.0
- CIS Benchmark for Cisco IOS 16.x, v2.0.0
- CIS Benchmark for Microsoft Windows 10 Enterprise, v3.0.0
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS IBM z/OS V2R5 with RACF Benchmark v1.1.0
- CIS Red Hat Enterprise Linux 8 STIG Benchmark, v2.0.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Edge server, V2R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Mailbox Server, V2R2
- CIS Microsoft Intune for Windows 11 Benchmark, v4.0.0
- DISA STIG for Aruba Networking AOS NDM, V1R1
- DISA STIG for Aruba Networking AOS VPN, V1R1
- DISA STIG for Aruba Networking AOS Wireless, V1R1
- CIS Ubuntu Linux 22.04 LTS STIG Benchmark, 1.0.0
- CIS Microsoft Windows Server 2022 Stand-alone Benchmark, v1.0.0
- CIS Microsoft Windows 10 Stand-alone Benchmark 4.0.0
- CIS IBM AIX 7 Benchmark, v1.1.0
- CIS Apple macOS 13.0 Ventura Benchmark, v3.1.0
- CIS Apple macOS 14.0 Sonoma Benchmark, v2.1.0
- CIS Apple macOS 15.0 Sequoia Benchmark, v1.1.0
- CIS PostgreSQL 16 Benchmark, v1.1.0
- CIS PostgreSQL 15 Benchmark, v1.2.0
Learn More
Discover how Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.