Policy Compliance Library Updates, March 2026
Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. The platform offers a broad range of policies, including many that have been certified by the Center for Internet Security (CIS), as well as security guidelines and industry best practices from operating system and application vendors.
Qualys’ Certification Page on the CIS website has also been updated.
CIS Benchmark Policies
Center for Internet Security (CIS) Benchmark policies are technical guidelines for organizations to improve their cybersecurity posture by aligning with recommended secure configurations. By leveraging industry best practices, these guidelines help reduce the risk of cyberattacks, such as data breaches.
DISA STIG Policies
STIG stands for Security Technical Implementation Guide, which is a set of cybersecurity guidelines published by the Defense Information Systems Agency (DISA). These guidelines equip organizations with the tools to comply with rules, regulations, best practices, and federal laws, facilitating compliance and bolstering cybersecurity measures.
Qualys Policies
Qualys oversees the discovery and resolution of technical issues while implementing robust policy frameworks. Researchers within Qualys actively identify cybersecurity misconfigurations and enact technical policies to fortify systems and safeguard against potential threats.
Safeguard Computer Security Evaluation Matrix (SCSEM)
An SCSEM typically comprises a structured set of criteria, guidelines, and metrics designed to measure various aspects of security, such as confidentiality, integrity, availability, and compliance.
Compliance Standards
Compliance standards are regulatory frameworks that safeguard sensitive data and help ensure privacy and security. They offer guidelines and best practices for organizations to achieve compliance and mitigate risks in handling sensitive information.
New Policies/Mandates
Listed below is the number of policies and mandates deployed in March 2026:
| CIS Benchmark Policies | 7 |
| DISA STIG Policy | 23 |
| Industry Best Practices Policy | 13 |
| New Supported Mandates | 0 |
| Deprecated Mandates | 0 |
Listed below are the newly published policies and mandates:
CIS Benchmark Policies:
- CIS Benchmark for Visual Studio Code GPO, v1.0.0
- CIS Rocky Linux 8 Benchmark, v3.0.0
- CIS Oracle Linux 8 Benchmark, v4.0.0
- CIS AlmaLinux OS 8 Benchmark, v4.0.0
- CIS FortiGate 7.4.x Benchmark, 1.0.1
- CIS Microsoft Windows Server 2022 Benchmark, v5.0.0
- CIS Microsoft Windows Server 2025 Benchmark, v2.0.0
DISA STIG Policies:
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c STIG – Ver 1, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11 STIG – Ver 2, Rel 6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2016 STIG – Ver 2, Rel 1
- DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox STIG – Ver 6, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Access 2016 STIG – Ver 2, Rel 1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016 STIG – Ver 2, Rel 2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016 STIG – Ver 2, Rel 5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016 STIG – Ver 2, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Microsoft PowerPoint 2016 STIG – Ver 2, Rel 1
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance
- DISA Security Technical Implementation Guide (STIG) for Ivanti Connect Secure STIG – NDM V2R3
- DISA Security Technical Implementation Guide (STIG) for MariaDB Enterprise 10.x STIG – Ver 2, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database V3R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2022 Database STIG
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC STIG – Ver 3, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 x86 STIG – Ver 3, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Kubernetes STIG – Ver 2, Rel 5
- DISA Security Technical Implementation Guide (STIG) for Microsoft Defender Antivirus STIG – Ver 2, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Edge STIG – Ver 2, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11 STIG Benchmark – Ver 2, Rel 6
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2022 Instance, V1R3
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise Server 12 STIG – Ver 3, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 10 STIG – Ver 3, Rel 6
Industry and Best Practices Policies:
- Security Configuration and Compliance Policy for VMware NSX Manager 4.x
- Security Configuration and Compliance Policy for VMware NSX Edge 4.x
- Security Configuration and Compliance Policy for VMware tc Server
- Security Configuration and Compliance Policy for Opengear 24.x
- Security Configuration and Compliance Policy for IBM z/OS Security Server RACF 3.x
- Security Configuration and Compliance Policy for Kali Linux 2024.x
- Security Configuration & Compliance Policy for Checkpoint Gaia os Version R82
- Security Configuration and Compliance Policy for Microsoft Office for macOS
- Security Configuration and Compliance Policy for Google Chrome for macOS
- Security configuration and compliance policy for Debian Linux 13.x
- Security Configuration and Compliance Policy for Microsoft Outlook macOS
- Security Configuration and Compliance Policy for Microsoft Autoupdate macOS
- Security Configuration & Compliance Policy for Microsoft Excel (macOS)
New Supported Mandates: NA
Deprecated Mandates: NA
Policy Updates
We have updated your Policy Library. The following policies and mandates have been re-released as part of our customer CRM.
| Policy | Update |
| CIS Benchmark for AlmaLinux OS 10, v1.0.0 | Re-release for CIS Benchmark for AlmaLinux OS 10, v1.0.0, for CID 29382 and CID 29383 |
| CIS Benchmark for Oracle Linux 10, v1.0.0 | Re-release for CIS Benchmark for Oracle Linux 10, v1.0.0, for CID 29382 and CID 29383 |
| CIS Benchmark for Rocky Linux 10, v1.0.0 | Re-release for CIS Benchmark for Rocky Linux 10, v1.0.0, for CID 29382 and CID 29383 |
| CIS Benchmark for Oracle Database 19c on Linux host, v1.2.0 | Re-release for CIS Benchmark for Oracle Database 19c on Linux host, v1.2.0 |
| CIS Benchmark for Oracle Database 19c on Windows host, v1.2.0 | Re-release for CIS Benchmark for Oracle Database 19c on Windows host, v1.2.0 |
| CIS Benchmark for MongoDB 8, v1.0.0 | Re-release for CIS Benchmark for MongoDB 8, v1.0.0, to update the regular expression for CID 11960 |
| CIS Benchmark for IBM i V7R5M0, v2.1.0 | Re-release for CIS Benchmark for IBM i V7R5M0, v2.1.0, to fix the regular expression for multiple CIDs |
| CIS Benchmark for IBM i V7R4M0, v2.1.0 | Re-release for CIS Benchmark for IBM i V7R4M0, v2.1.0, to fix the regular expression for multiple CIDs |
| Security Configuration and Compliance Policy for Splunk on Linux | Re-release for Security Configuration and Compliance Policy for Splunk on Linux, to add Splunk 10.x (Unix) technology |
| CIS Benchmark for Red Hat Enterprise Linux 8, v4.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 8, v4.0.0, to update the regular expression for CID 4990, 31177, 31176, 27073 |
| CIS Benchmark for Apache HTTP Server 2.4, v2.3.0 | Re-release for CIS Benchmark for Apache HTTP Server 2.4, v2.3.0, to change the control regular expressions for 9046, 9047, and 9048 |
| CIS Benchmark for VMware ESXi 8.0, V1.2.0 | Re-release for CIS Benchmark for VMware ESXi 8.0, V1.2.0 policy to update the regular expression for CID 9016 and 22461 |
| CIS Benchmark for Microsoft Windows 11 Stand-alone, v4.0.0 | Re-release for CIS Benchmark for Microsoft Windows 11 Stand-alone, v4.0.0, to update the regular expression for CID 1169 |
| CIS Microsoft Intune for Windows 11 Benchmark, v4.0.0 | Re-release for CIS Microsoft Intune for Windows 11 Benchmark, v4.0.0, to update the regular expression for CID 1169 |
| CIS Benchmark for Microsoft Intune Windows 10, v4.0.0 | Re-release for CIS Benchmark for Microsoft Intune Windows 10, v4.0.0, to update the regular expression for CID 1169 |
| DISA STIG Ubuntu 24.04 V1R2 | Re-release for DISA STIG Ubuntu 24.04 V1R2, to update the regular expressions of CID 28547, 28570, and 28612 |
| CIS Benchmark for Cisco Firewall ASA 9.x, v1.1.0 | Re-release for CIS Benchmark for Cisco Firewall ASA 9.x, v1.1.0, to replace CID 12565 with a new control |
| CIS Benchmark for Microsoft Windows 11 Enterprise, v5.0.0 | Re-release for CIS Benchmark for Microsoft Windows 11 Enterprise, v5.0.0, to update the reference number 18.10.94.4.3 and regular expression for CID 1169 |
| DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R4 | Re-release for DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks ALG, V3R4, to update the regular expressions of CID 12145, 12148, 12149, 14381 & 14579 |
| CIS Benchmark for F5 Networks, v1.0.0 | Re-release for CIS Benchmark for F5 Networks, v1.0.0, to update the regular expression of CID 14507 |
| CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0 | Re-release for CIS Benchmark for Red Hat Enterprise Linux 9, v2.0.0, to update the NL value evaluation for CID 29126 |
Deprecated Policies
- CIS Rocky Linux 8 Benchmark v2.0.0
- CIS Benchmark for Oracle Linux 8, v3.0.0
- CIS Benchmark for Alma Linux 8 v3.0.0
- DISA Security Technical Implementation Guide (STIG) for Ivanti Connect Secure NDM, V2R2
- DISA Security Technical Implementation Guide (STIG) for MariaDB 10.x, V2R3
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise 12.x, V3R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V3R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2022 Database, V1R1
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 SPARC, V3R3
- DISA Security Technical Implementation Guide (STIG) for Solaris 11 X86, V3R3
- DISA Security Technical Implementation Guide (STIG) for Kubernetes, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft (MS) Windows Defender Antivirus, V2R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Edge, V2R3
- DISA Security Technical Implementation Guide (STIG) for Oracle Database 19c, V1R2
- DISA Security Technical Implementation Guide (STIG) for Microsoft Internet Explorer 11, V2R5
- DISA Security Technical Implementation Guide (STIG) for Windows 10, V3R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows 11, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Word 2016, V1R1
- DISA Security Technical Implementation Guide (STIG) for Mozilla FireFox, V6R6
- DISA Security Technical Implementation Guide (STIG) for Microsoft Access 2016, V1R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Excel 2016, V2R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office System 2016, V2R4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Outlook 2016, V2R3
- DISA Security Technical Implementation Guide (STIG) for Microsoft PowerPoint 2016, V1R1
- CIS Benchmark for Microsoft Windows Server 2022, v4.0.0
- CIS Benchmark for Microsoft Windows Server 2025, v1.0.0
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2022 Instance, V1R1
- DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V3R5
Proposed Upcoming Policies
We plan to release the following policies and updates next month:
- Security Configuration & Compliance Policy for Neo4j 4.x
- CIS NGINX Benchmark, v3.0.0
- Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 8, v7.0
- Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7, v7.0
- Security Configuration & Compliance Policy for Neo4j 5.x
- Security Configuration and Compliance Policy for Microsoft Word macOS
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Router STIG – NDM V3R6
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS XE Router STIG – NDM V3R6
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch STIG – NDM V3R6
- DISA Security Technical Implementation Guide (STIG) for Cisco IOS Switch STIG – RTR V3R2
- DISA Security Technical Implementation Guide (STIG) for Cisco NX OS Switch STIG – NDM V3R6
- DISA Security Technical Implementation Guide (STIG) for Oracle Linux 8 STIG – Ver 2, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Oracle Linux 9 STIG – Ver 1, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 8 STIG – Ver 2, Rel 6
- DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 9 STIG – Ver 2, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 20.04 LTS STIG – Ver 2, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Apache Tomcat Application Server 9 STIG – Ver 3, Rel 3
- DISA Security Technical Implementation Guide (STIG) for Amazon Linux 2023 STIG – Ver 1, Rel 2
- DISA Security Technical Implementation Guide (STIG) for SUSE Linux Enterprise Server 15 STIG – Ver 2, Rel 6
- DISA Security Technical Implementation Guide (STIG) for Oracle Linux 7 STIG – Ver 3, Rel 5
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 22.04 LTS STIG – Ver 2, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Canonical Ubuntu 24.04 LTS STIG – Ver 1, Rel 4
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2019 STIG – Ver 3, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Windows Server 2022 STIG – Ver 2, Rel 7
- DISA Security Technical Implementation Guide (STIG) for Microsoft Office 365 ProPlus STIG – Ver 3, Rel 4
- Safeguard Computer Security Evaluation Matrix for Palo Alto Firewall 10.x, 1.0
What’s Next
Discover how Qualys Enterprise TruRisk™ Platform can help you reduce cyber risk and improve business outcomes through precise remediation activities. Learn more about it here.
Additional Information
Feel free to contact your Technical Account Manager (TAM) or Qualys Technical Support if you have any questions.