Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The November and December 2018 releases include the following new policy and updates:

  • New CIS Benchmark for Apple macOS 10.13, v1.0.0, and Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
  • New Industry and Best Practices policies for Debian 9 and Microsoft Windows 10 (Version 1803)
  • New technology support and updates to several existing library policies
  • New CIS Benchmark for Microsoft Office, PowerPoint, Access, Word, Excel, and Outlook
  • New Industry and Best Practices policies for Firefox on Windows, JBOSS Wildfly/EAP, Debian 9, Microsoft Windows 10 (Version 1803), and Apple macOS 10.14
  • Support for several new technologies
  • Updates to several existing library policies

Qualys’ Certification Page at CIS has been updated.

New Technologies

  • Apple macOS 10.14
  • Debian Linux 9
  • JBoss WildFly/EAP
  • Mac OS X 10.13
  • Microsoft Office PowerPoint 2013 and 2016
  • Microsoft Office Access 2013 and 2016
  • Microsoft Office Word 2013 and 2016
  • Microsoft Office Outlook 2013 and 2016
  • Microsoft Office Excel 2013 and 2016
  • Microsoft Office 2013 and 2016
  • Mozilla Firefox

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for Debian 9
  • Qualys Security Configuration and Compliance Policy for Microsoft Windows 10 (Version 1803)
  • Qualys Security Configuration and Compliance Policy for Firefox on Windows
  • Qualys Security Configuration and Compliance Policy for JBoss Wildfly/EAP
  • Qualys Security Configuration and Compliance Policy for Apple macOS 10.14

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

  • CIS Benchmark for Apple macOS 10.13, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
  • CIS Benchmark for Microsoft Office 2013, v1.1.0
  • CIS Benchmark for Microsoft Office 2016, v1.1.0
  • CIS Benchmark for Microsoft Office PowerPoint 2013, v1.0.1
  • CIS Benchmark for Microsoft Office PowerPoint 2016, v1.0.1
  • CIS Benchmark for Microsoft Office Access 2013, v1.0.1
  • CIS Benchmark for Microsoft Office Access 2016, v1.0.1
  • CIS Benchmark for Microsoft Office Word 2013 v1.1.0
  • CIS Benchmark for Microsoft Office Word 2016 v1.1.0
  • CIS Benchmark for Microsoft Office Outlook 2013 v1.1.0
  • CIS Benchmark for Microsoft Office Outlook 2016 v1.1.0
  • CIS Benchmark for Microsoft Office Excel 2013 Benchmark v1.0.1
  • CIS Benchmark for Microsoft Office Excel 2016 Benchmark v1.0.1
  • CIS Benchmark for PostgreSQL 9.5, v1.1.0

Updated Library Policies

  • Policy refresh for the following existing library policies
    • CIS Benchmark for Apache HTTP Server 2.2, v3.5.0
    • CIS Benchmark for Apache HTTP Server 2.4, v1.4.0
    • CIS Benchmark for Google Chrome, v1.3.0
    • CIS Benchmark for Apple macOS 10.12, v1.1.0
  • Sequencing update in the following existing library policy:
    • CIS Benchmark for IBM DB2 10.x, v1.1.0
  • Policy update for policy title and cover page of the following policy:
    • Qualys Security Configuration and Compliance Policy for Checkpoint Firewall
  • Fixed policy configuration for the following policy:
    • CIS Benchmark for IBM AIX 7.1, v1.1.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Ubuntu Linux 18.04 LTS v1.0.0
  • CIS Benchmark for PostgreSQL 9.6 v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2016 RTM (Release 1607), v1.1.0

Updates:

  • CIS Benchmark for Oracle Database 12c, v2.1.0
  • CIS Benchmark for Microsoft Internet Explorer 10, v1.1.0
  • CIS Benchmark for Microsoft Internet Explorer 11, v1.0.0
  • NIST 800-53 for Linux Policy
  • Security Configuration and Compliance Policy for Splunk on Linux

If you have any questions, please contact your TAM or Technical Support.  See all library updates.

Leave a Reply