Policy Compliance Library Updates, September 2025 

Vaishali Kulkarni

Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.

Qualys’ Certification Page on the CIS website has also been updated.  

CIS Benchmark Policies

Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

New Policies/Mandates 

Listed below is the number of policies and mandates deployed in September 2025:

CIS Benchmark Policies: 11
DISA STIG Policy: 3
Industry Best Practices Policy: 2
New Supported Mandates: 0
Deprecated Mandates: 0

Listed below are the newly published policies and mandates:  

CIS Benchmark Policies:

  • CIS Microsoft Intune for Windows 11 Benchmark, v4.0.0
  • CIS Benchmark for Microsoft Windows 10 Stand-alone v4.0.0
  • CIS Benchmark for Apple macOS 13 Ventura v3.1.0
  • CIS Benchmark for Apple macOS 14 Sonoma, v2.1.0
  • CIS Benchmark for Apple macOS 15 Sequoia, v1.1.0
  • CIS Benchmark for PostgreSQL 16, v1.1.0
  • CIS Benchmark for PostgreSQL 15, v1.2.0
  • CIS IBM z/OS V2R5 with RACF Benchmark v1.1.0
  • CIS Ubuntu Linux 22.04 LTS STIG Benchmark, 1.0.0
  • CIS Microsoft Windows Server 2022 Stand-alone Benchmark, v1.0.0
  • CIS Microsoft Windows Server 2022 STIG Benchmark, v3.0.0

DISA STIG Policies:

  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Edge server, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Mailbox Server, V2R2
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R3

Industry and Best Practices Policies:

  • Security Configuration and Compliance Policy for macOS 26
  • Security Configuration and Compliance Policy for Red Hat Enterprise Linux 10.x

New Supported Mandates: NA

Deprecated Mandates: NA

Policy Updates 

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Policy | Update
DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R4 | Re-release for DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R4, to update the regular expressions for 25 CIDs.
DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R3, to change the regular expression for the CID 17883.
CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0, to update the regular expression for the CIDs 26814, 23776, 7411, and 22262.
CIS Benchmark for Apache HTTP Server 2.4, v2.2.0 | Re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.2.0, to add CID 30947 and CID 30948.
CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.1 | Re-release for CIS Benchmark for Microsoft Windows Server 2008 R2, v3.3.1, to update the document ID.
DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R3, to update the regular expressions for CID 26770.
CIS Benchmark for Alma Linux OS 9, v2.0.0 | Re-release for CIS Benchmark for Alma Linux OS 9, v2.0.0, to update the regular expressions for CID 26770.
CIS Benchmark for Rocky Linux 9, v2.0.0 | Re-release for CIS Benchmark for Rocky Linux 9, v2.0.0, to update the regular expressions for CID 26770.
CIS Benchmark for Apache Tomcat 9, v1.2.0 | Re-release for CIS Benchmark for Apache Tomcat 9, v1.2.0, to update the CID 10698, 9551, 9552.
CIS Benchmark for Apache Tomcat 10.1, v1.1.0 | Re-release the CIS Benchmark for Apache Tomcat 10.1, v1.1.0, to update multiple control regular expressions.
Top 10 ATT&CK Techniques Ransomware policy for Windows | Re-release Top 10 ATT&CK Techniques Ransomware policy for Windows to update the cover page.
CIS Benchmark for Oracle Linux 8, v3.0.0 | Re-release for CIS Benchmark for Oracle Linux 8, v3.0.0, to replace the CID 29023 with CID 26773.
CIS Benchmark for Microsoft IIS 10, v1.2.1 | Re-release for CIS Benchmark for Microsoft IIS 10, v1.2.1, to update the regular expressions for CIDs 15782 and 15764.
DISA STIG Mozilla Firefox V6R5 | Re-release for DISA STIG Mozilla Firefox V6R5 to update the regular expressions for CID 13989.
CIS Apache Tomcat 9 v1.2.0 | Re-release for CIS Apache Tomcat 9 v1.2.0 to add CID 31051 and replace CID 9551 and CID 9552.
DISA STIG Microsoft Edge V2R2 | Re-release for DISA STIG Microsoft Edge V2R2 to replace CID 27096 with 31046.
CIS Benchmark for Docker, v1.7.0 | Re-release for CIS Benchmark for Docker, v1.7.0, to update the regular expressions for CID 10857.
CIS Apple macOS 15 v1.0.0 | Re-release for CIS Apple macOS 15 v1.0.0, to change the cardinality of CID 24210.
DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c, V1R1 | Re-release for DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c, V1R1, to change the regular expressions of 12343.
CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0 | Re-release for CIS Benchmark for Ubuntu Linux 24.04 LTS, v1.0.0, to update the regular expression for the CIDs.
CIS Benchmark for Palo Alto Firewall 11, v1.1.0 | Re-release for CIS Benchmark for Palo Alto Firewall 11, v1.1.0, to update the regular expression for CID 12171.

Deprecated Policies

  • CIS Microsoft Intune for Windows 11 Benchmark, v3.0.1
  • CIS Benchmark for Microsoft Windows 10 Stand-alone, v3.0.0
  • CIS Benchmark for Apple macOS 13 Ventura v3.0.0
  • CIS Benchmark for Apple macOS 14 Sonoma, v2.0.0
  • CIS Benchmark for Apple macOS 15 Sequoia v1.0.0
  • CIS Benchmark for PostgreSQL 16, v1.0.0
  • CIS Benchmark for PostgreSQL 15, v1.1.0

Proposed Upcoming Policies

  We plan to release the following policies and updates next month: 

  • Security Configuration & Compliance Policy for Alma Linux 10.x
  • CIS Red Hat Enterprise Linux 9 STIG Benchmark, v1.0.0
  • CIS Microsoft Intune for Windows 10 Benchmark, v4.0.0
  • DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, Ver 2 Rel 6
  • DISA Security Technical Implementation Guide (STIG) for IIS 10.0 Server, V3R4
  • DISA Security Technical Implementation Guide (STIG) for IIS 10.0 Site, V2R12
  • DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 – Ver 3, Rel 2
  • DISA STIG for Aruba Networking AOS NDM, V1R1
  • DISA STIG for Aruba Networking AOS VPN, V1R1
  • DISA STIG for Aruba Networking AOS Wireless, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8, V2R4
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 8, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Oracle Enterprise Linux 7, V3R3
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 15.x, V2R5
  • DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R5
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 20.04 LTS STIG V2R3
  • DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V3R3
  • DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R3
  • CIS IBM AIX 7 Benchmark, v1.1.0
  • CIS Apple macOS 14.0 Sonoma Cloud-tailored Benchmark, v1.1.0
  • CIS Apple macOS 13.0 Sonoma Cloud-tailored Benchmark, v1.1.0
  • CIS Apple macOS 12.0 Sonoma Cloud-tailored Benchmark, v1.1.0
  • DISA Cisco NX-OS Switch NDM, V3R4
  • DISA Security Technical Implementation Guide (STIG) for Microsoft Exchange 2019 STIG Mailbox Server, V2R3
  • DISA Red Hat OpenShift Container Platform 4.x STIG – Ver 2, Rel 3
  • CIS Red Hat Enterprise Linux 10 Benchmark, v1.0.0
  • Security Configuration and Compliance Policy for Nutanix AOS (Prism Element)
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 24.04 LTS, V1R2
  • DISA Security Technical Implementation Guide (STIG) for Apple macOS 15 (Sequoia) STIG, Ver 1, Rel 4
  • CIS Ubuntu Linux 24.04 LTS STIG Benchmark, v1.0.0
  • CIS Google Kubernetes Engine (GKE) Benchmark, v1.8.0
  • CIS Microsoft Windows Server 2019 STIG Benchmark, v4.0.0

What’s More

Discover how Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here

Additional Information 

In case of any questions, please reach out to your Technical Account Manager (TAM) or Qualys Technical Support at any time. 

Key links

  • Find all policy library updates here
  • Check out Qualys’ updated Certification Page at CIS here.