Policy Compliance Library Updates, January 2026

DISA STIG Policies
Qualys Policies
Safeguard Computer Security Evaluation Matrix (SCSEM)
Compliance Standards
New Policies/Mandates
Policy Updates
Deprecated Policies
Proposed Upcoming Policies
Whats Next

Qualys’ library of built-in policies makes it easy to comply with the widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.

Qualys’ Certification Page on the CIS website has also been updated. CIS Benchmark PoliciesCenter for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.

DISA STIG Policies

STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.

Qualys Policies

Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.

Safeguard Computer Security Evaluation Matrix (SCSEM)

It typically comprises a structured set of criteria, guidelines, and metrics to measure security aspects such as confidentiality, integrity, availability, and compliance.

Compliance Standards

Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.

CIS Benchmark Policies	12
DISA STIG Policy	07
Industry Best Practices Policy	04
New Supported Mandates	0
Deprecated Mandates	0

New Policies/Mandates

Listed below are the number of policies and mandates deployed in January 2026:

CIS Benchmark Policies	CIS Benchmark for Oracle Linux 10, v1.0.0 CIS Benchmark for Microsoft Windows Server 2025 Stand-alone, v1.0.0 CIS Benchmark for Palo Alto Firewall 10, v1.3.0 CIS Benchmark for Oracle MySQL Enterprise Edition 8.4, v1.1.0 CIS Benchmark for Oracle MySQL Community Server 8.4, v1.1.0 CIS Benchmark for Oracle Database 19c, v2.0.0 CIS Ubuntu 22.04 v3.0.0 CIS HPE Aruba Networking CX Switch Benchmark, v1.0.0 CIS Oracle Cloud Infrastructure Container Engine for Kubernetes(OKE) Benchmark, v1.8.0 CIS Google Kubernetes Engine (GKE) Benchmark, v1.9.0 CIS Benchmark for Cisco IOS XE 17.x, v2.2.1 CIS Red Hat Enterprise Linux 8 Benchmark, v4.0.0
DISA STIG Policies	DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R6 DISA Security Technical Implementation Guide (STIG) for HPE Aruba Networking AOS Wireless, V1R1 DISA Security Technical Implementation Guide (STIG) for Active Directory Forest, V3R2 DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 8, V2R3 DISA STIG for Aruba Networking AOS NDM, V1R1 DISA STIG for Aruba Networking AOS VPN, V1R1 DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router NDM, V3R5
Industry and Best Practices Policies	Security Configuration and Compliance Policy for HP ILO Microsoft Security Baseline for Windows 11 Version 25H2 Security Configuration and Compliance Policy for ArubaOS 10.x Security Configuration and Compliance Policy for F5OS
New Supported Mandates	NA
Deprecated mandates	NA

Policy Updates

We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.

Deprecated Policies

DISA Security Technical Implementation Guide (STIG) for Apache 2.4 Site for UNIX, V2R5
DISA Security Technical Implementation Guide (STIG) for Active Directory Forest, V3R1
CIS Benchmark for Red Hat Enterprise Linux 8, v3.0.0
DISA Security Technical Implementation Guide (STIG) for VMWare vSphere vCenter Server 8, V2R2
CIS Benchmark for Palo Alto Firewall 10, v1.2.0
CIS Benchmark for Oracle MySQL Enterprise Edition 8.4, v1.0.0
CIS Benchmark for Oracle MySQL Community Server 8.4, v1.0.0
CIS Benchmark for Oracle Database 19c on Linux host, v1.2.0
CIS Benchmark for Oracle Database 19c on Windows host, v1.2.0
CIS Benchmark for Oracle Database 19c Multitenant on Linux host, v1.2.0
CIS Benchmark for Oracle Database 19c Multitenant on Windows host, v1.2.0

Proposed Upcoming Policies

We plan to release the following policies and updates next month:

DISA Security Technical Implementation Guide (STIG) for Apple macOS 15 (Sequoia) STIG, Ver 1, Rel 4
CIS IBM z/OS with RACF Benchmark v1.0.0
Security Configuration and Compliance Policy for Microsoft Edge for MacOS
Microsoft Security Baseline for Microsoft Edge Version 142
CIS HPE Aruba Networking CX Switch Benchmark, v1.0.1
Security Configuration and Compliance Policy for Kali Linux 2025.x
Security Configuration & Compliance Policy for VMware ESXi 9.x
CIS AlmaLinux OS 10 Benchmark v1.0.0
CIS Rocky Linux 10 Benchmark, 1.0.0
CIS PostgreSQL 13 v1.3.0
CIS PostgreSQL 14 v1.3.0
CIS Red Hat OpenShift Container Platform Benchmark, v1.9.0

What’s Next

Discover how Qualys Enterprise TruRisk^TM Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.

Additional Information

Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.

Learn More

Find all policy library updates here.
Check out Qualys’ updated Certification Page on the CIS website here.