Qualys Policy Compliance Notification: Policy Library Updates (April, May)

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The April 2019 release includes the following new policies and updates:

  • 2 new Industry and Best Practice policies
  • 1 new policy for CIS Benchmarks
  • 5 new DISA STIG policies

The May 2019 release includes the following new policies and updates:

  • 2 new Industry and Best Practice policies
  • Over 40 updated policies

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS-certified policies in Policy Compliance and also by contributing to the development of new benchmarks through the CIS Community.

The April release contains the following new CIS Benchmark policy:

  • CIS Benchmark for PostgreSQL 10 v1.0.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Oracle Enterprise Linux
  • Qualys Security Configuration and Compliance Policy for Apache Tomcat 9
  • Qualys Security Configuration and Compliance Policy for SuSE Linux Enterprise Server (SLES) 15
  • Qualys Security Configuration and Compliance Policy for OpenSUSE 15

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks NDM V1R3
  • DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks ALG V1R3
  • DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks IDPS V1R1
  • DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE Release 3 NDM V1R5
  • DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE Release 3 RTR V1R3

Updated Library Policies (April package)

Policy update for control configuration changes:

  • CIS Benchmark for Ubuntu Linux 18.04 LTS, v1.0.0
  • CIS Benchmark for Ubuntu Linux 16.04 LTS, v1.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 7, v2.2.0
  • CIS Benchmark for Red Hat Enterprise Linux 6
  • CIS Benchmark for Oracle Linux 7, v2.1.0
  • CIS Benchmark for Oracle Linux 6, v1.1.0
  • CIS Benchmark for IBM AIX 6.1, v1.1.0
  • CIS Benchmark for IBM AIX 7.1, v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R16
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R7
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R7
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511)
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
  • CIS Benchmark for Microsoft Windows Server 2003, v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
  • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
  • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
  • CIS Microsoft Windows Server 2016, v1.0.0
  • CIS Benchmark for Microsoft Windows 2016, v1.1.0
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 [Domain Controller]
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 [Member Server]
  • Security Configuration and Compliance Policy for Windows Server 2019
  • Microsoft Security Baseline for Windows Server 2019 [Domain Controller]
  • Microsoft Security Baseline for Windows Server 2019 [Member Server]

Updated Library Policies (May package)

Policy update for control configuration changes:

  • CIS Benchmark for SUSE Enterprise Linux Server 11.x, v2.1.0
  • CIS Benchmark for SUSE Linux Enterprise 12.x, v2.1.0
  • CIS Benchmark for Amazon Linux 2, v1.0.0

Policy update for Regex changes in control 7473:

  • NIST 800-53 Rev 4 for Linux

Policy update for new NL value addition in Windows advanced audit controls:

  • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
  • Adobe Common Controls Framework for Microsoft Windows
  • Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
  • Australia Information Security Manual (Information Technology Security) for Windows
  • NERC CIPv5 for Windows
  • NIST 800-53 Rev 4 for Microsoft Windows
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 10
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 7
  • HITRUST Cyber Security Framework (CSF) for Microsoft Windows, Version 8.1
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R16
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R29
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R28
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 R2 Member Server
  • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) DC, V6R42
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) MS, V6R41
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Member Server
  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Domain Controller]
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Member Server]
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Member Server
  • CIS Benchmark for Microsoft Windows 2016, v1.1.0
  • CIS Microsoft Windows Server 2016, v1.0.0
  • Security Configuration and Compliance Policy for Windows Server 2019
  • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8.1
  • DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R20
  • CIS Benchmark for Windows XP, v2.0.1
  • CIS Benchmark for Microsoft Windows 8, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Windows 7, V1R29
  • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • Qualys Security Configuration and Compliance Policy for MongoDB 4.x
  • Qualys Security Configuration and Compliance Policy for SELinux in PC library
  • Qualys Security Configuration and Compliance Policy for Data Domain OS 5 (OCA)
  • Qualys Security Configuration and Compliance Policy for Brocade Fabric 7.x (OCA)
  • Qualys Security Configuration and Compliance Policy for Brocade Fabric 8.x (OCA)

If you have any questions, please contact your TAM or Technical Support. See all library updates.


This is a companion discussion topic for the original entry at https://blog.qualys.com/news/2019/07/11/qualys-policy-compliance-notification-policy-library-updates-april-may