Policy Compliance Library Updates, February 2026
Qualys’ library of built-in policies makes it easy to comply with the widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the necessary tools to adhere to rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
It typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below are the number of policies and mandates deployed in February 2026:
| CIS Benchmark Policies | 5 |
| DISA STIG Policy | 11 |
| Industry Best Practices Policy | 6 |
| New Supported Mandates | 2 |
| Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
| CIS Benchmark Policies | CIS Benchmark for IBM z/OS with RACF, v1.0.0 CIS AlmaLinux OS 10 Benchmark v1.0.0 CIS Rocky Linux 10 Benchmark, 1.0.0 CIS Red Hat OpenShift Container Platform Benchmark, v1.9.0 CIS Microsoft Windows 11 Enterprise Benchmark, v5.0.0 |
| DISA STIG Policies | DISA Security Technical Implementation Guide (STIG) for Apple macOS 15 (Sequoia), V1R4 DISA STIG Cisco IOS XR Router STIG – NDM V3R5 DISA STIG Cisco NX OS Switch STIG – L2S V3R3 DISA STIG NetApp ONTAP DSC 9.x STIG – Ver 2, Rel 3 DISA STIG Sunset-Infoblox 7.x DNS STIG – Ver 2, Rel 2 DISA STIG Cisco IOS Router STIG – RTR V3R4 DISA STIG Cisco IOS XE Router STIG – RTR V3R5 DISA STIG Cisco IOS XE Switch STIG – NDM V3R5 DISA STIG Cisco IOS XE Switch STIG – RTR V3R3 DISA STIG Cisco IOS XR Router STIG – RTR V3R3 DISA STIG Cisco ASA STIG – NDM V2R4 |
| Industry and Best Practices Policies | Microsoft Security Baseline for Microsoft Edge Version 139 Security Configuration and Compliance Policy for Kali Linux 2025.x Security Configuration and Compliance Policy for VMware ESXi 9.x Security Configuration & Compliance Policy for CentOS Stream 10.x Security Configuration and Compliance Policy for Microsoft Edge for MacOS Security Configuration and Compliance Policy for Kali Linux 2024.x |
| New Supported Mandates | National Cyber Security Baseline, Version 1.4 Cybersecurity Maturity Model Certification (CMMC) |
| Deprecated mandates | NA |
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Benchmark for F5 Networks, v1.0.0 | Re-release for CIS Benchmark for F5 Networks, v1.0.0, to review and update multiple CIDs evaluation. |
| CIS IBM WebSphere Liberty Benchmark v1.0.0 | Re-release for CIS IBM WebSphere Liberty Benchmark v1.0.0, to add IBM WebSphere Liberty 25. |
| DISA STIG for IBM WebSphere Liberty Server, V2R2 | Re-release for DISA STIG for IBM WebSphere Liberty Server, V2R2, to add IBM WebSphere Liberty 25. |
| CIS Benchmark for HPE Aruba Networking CX Switch, v1.0.1 | Re-release for CIS HPE Aruba Networking CX Switch Benchmark, v1.0.1 to review and update multiple CIDs evaluation. |
| CIS Benchmark for Microsoft IIS 8.0, v1.5.0 | Re-release for CIS Benchmark for Microsoft IIS 8.0, v1.5.0, to update the reference number. |
| CIS Benchmark for Red Hat Enterprise Linux 10, v1.0.1 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 10, v1.0.1, to: Remove CID 20603 from Level 1 Policy Update the regular expression for CID 26649 |
| DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14 | Re-release for DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V3R14, to update the regular expression for CID 28267. |
| CIS Benchmark for Debian Linux 10, v2.0.0 | Re-release for CIS Benchmark for Debian Linux 10, v2.0.0, to update the regular expression for CID 17996. |
| DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R5 | Re-release for DISA Security Technical Implementation Guide (STIG) for Ubuntu 22.04 LTS, V2R5, to update the regular expression for CID 12858 and 29520. |
| CIS Benchmark for Oracle Linux 8, v3.0.0 | Re-release for CIS Benchmark for Oracle Linux 8, v3.0.0, to replace CID 28220 with 29568 and 29569. |
| CIS Benchmark for Juniper OS, v2.1.0 | Re-release for CIS Benchmark for Juniper OS, v2.1.0, to add Juniper OS 24.x. |
| DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V3R3 | Re-release for DISA Security Technical Implementation Guide (STIG) for Juniper SRX SG NDM, V3R3, to add Juniper OS 24.x. |
| DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V3R2 | Re-release for DISA Security Technical Implementation Guide (STIG) for Juniper Router NDM, V3R2, to add Juniper OS 24.x. |
| DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V3R2 | Re-release for DISA Security Technical Implementation Guide (STIG) for Juniper Router RTR, V3R2, to add Juniper OS 24.x. |
| CIS Benchmark for Debian Linux 12, v1.1.0 | Re-release for CIS Benchmark for Debian Linux 12, v1.1.0, to: Replace CID 29443 with 16048. Update the regular expression for CID 2188 and 4990. |
| CIS Benchmark for Red Hat Enterprise Linux 8, v4.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v4.0.0, to remove CID 20603 from the Level 1 policy. |
| CIS Oracle Linux 10 Benchmark v1.0.0 | Re-release for CIS Oracle Linux 10 Benchmark v1.0.0, to review and update multiple CIDs evaluation. |
| DISA Security Technical Implementation Guide (STIG) for Active Directory domain | Re-release for DISA Security Technical Implementation Guide (STIG) for Active Directory domain to add Windows 2025 Active Directory. |
| Qulays Security Configuration and Compliance Policy for Windows Active Directory | Re-release for Qulays Security Configuration and Compliance Policy for Windows Active Directory to add Windows 2025 Active Directory. |
| CIS Benchmark for Microsoft SQL Server 2016, v1.4.0 | Re-release for CIS Benchmark for Microsoft SQL Server 2016, v1.4.0, to replace the controls 27014 and 27015 with 31668 and 31669. |
| CIS benchmark Ubuntu 20 v3.0.0 | Re-release for CIS benchmark Ubuntu 20 v3.0.0, to update the CID 29256. |
| CIS Benchmark for IBM z/OS with RACF, v1.0.0 | Re-release for CIS Benchmark for IBM z/OS with RACF, v1.0.0, to update the regular expressions for 30631 due to vtag changes. |
| CIS Benchmark for IBM z/OS V2R5 with RACF, v1.1.0 | Re-release for CIS Benchmark for IBM z/OS V2R5 with RACF, v1.1.0, to update the regular expressions for 30631 due to vtag changes. |
| DISA Security Technical Implementation Guide (STIG) for IBM z/OS RACF, V9R4 | Re-release for DISA Security Technical Implementation Guide (STIG) for IBM z/OS RACF, V9R4, to update the regular expressions for 30631 due to vtag changes. |
| Security Configuration and Compliance Policy for Palo Alto Panorama | Re-release for Security Configuration and Compliance Policy for Palo Alto Panorama to add Palo Alto Panorama 12.x technology. |
| CIS Red Hat Enterprise Linux 8 v4.0.0 | Re-release for CIS Red Hat Enterprise Linux 8 v4.0.0, to replace controls for CIS. |
| CIS Oracle Database 19c Benchmark v1.2.0 | Re-release for CIS Oracle Database 19c Benchmark v1.2.0, to create Security Configuration and Compliance Policy for Oracle Database 19c. |
Deprecated Policies
- Security Configuration and Compliance Policy for Alma Linux 10.x
- CIS Benchmark for RedHat OpenShift Container Platform, v1.8.0
- CIS Benchmark for Microsoft Windows 11 Enterprise, v4.0.0
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router NDM, V3R4
- DISA Security Technical Implementation Guide (STIG) for Cisco NX-OS Switch L2S, V3R2
- DISA Security Technical Implementation Guide (STIG) for NetApp ONTAP DSC 9.x, V2R2
- DISA Security Technical Implementation Guide (STIG) for Infoblox 7.x DNS, V2R1
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router RTR, V3R3
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router RTR, V3R3
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch NDM, V3R4
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Switch RTR, V3R2
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XR Router RTR, V3R2
- DISA Security Technical Implementation Guide (STIG) for Cisco ASA NDM, V2R3
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- CIS Rocky Linux 8 Benchmark, v3.0.0
- CIS Oracle Linux 8 Benchmark, v4.0.0
- CIS AlmaLinux OS 8 Benchmark, v4.0.0
- CIS FortiGate 7.4.x Benchmark, 1.0.0
- Security Configuration and Compliance Policy for Microsoft Office for MacOS
- Security configuration and compliance policy for Debian Linux 13.x
- Security Configuration and Compliance Policy for VMware NSX Manager
- Security Configuration and Compliance Policy for Dell EMC Networking OS 10.x
- Security Configuration and Compliance Policy for Microsoft Outlook MacOS
- Security Configuration and Compliance Policy for Microsoft Autoupdate MacOS
- Security Configuration & Compliance Policy for VMware NSX Edge 4.x
- Security Configuration & Compliance Policy for Microsoft Excel (macOS)
- CIS Visual Studio Code GPO Benchmark, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Ubuntu 24.04 LTS, V1R4
- Security Configuration and Compliance Policy for VMware tc Server 5.x
- Security Configuration and Compliance Policy for OpenGear 24.x
What’s Next
Discover how Qualys Enterprise TruRiskTM Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.
Learn More