Policy Compliance Library Updates, October 2019

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The October release includes the following new policies and updates:

  • 2 new technologies for OCA
  • 7 new technologies for Scanner
  • 10 new CIS Benchmark policies
  • 3 new browser policies for Cloud Agent
  • 11 new Industry and Best Practice policies
  • 1 new DISA STIG policy
  • 1 Microsoft Security Baseline policy
  • More than 100 updated policies

Qualys’ Certification Page at CIS has been updated.

New Technologies

OCA:

  • Cisco FTD 6.x
  • Cisco WLC 8.x

Scanner:

  • Apache Kafka
  • Cisco NX-OS 9.x
  • Elasticsearch
  • Oracle 19c
  • Microsoft Exchange Server 2010
  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and also by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Apache HTTP Server 2.2 v3.6.0
  • CIS Benchmark for Apache HTTP Server 2.4 v1.5.0
  • CIS Benchmark for Debian Linux 8 Benchmark v2.0.0
  • CIS Benchmark for Docker v1.2.0
  • CIS Benchmark for Google Chrome v2.0.0
  • CIS Benchmark for Microsoft Exchange Server 2013 v1.1.0
  • CIS Benchmark for Microsoft Exchange Server 2016 v1.0.0
  • CIS Benchmark for Microsoft IIS 10 v1.1.1
  • CIS Benchmark for PostgreSQL 11 v1.0.0
  • CIS Benchmark for Windows 2019 Server v1.0.0

New Browser Policies Supported via Cloud Agent

  • CIS Benchmark for Google Chrome, v1.3.0
  • CIS Benchmark for Microsoft Internet Explorer 10, v1.1.0
  • CIS Benchmark for Microsoft Internet Explorer 11, v1.0.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for RHEL 8
  • Qualys Security Configuration and Compliance Policy for Oracle 19c
  • Qualys Security Configuration and Compliance Policy for MySQL 8.x
  • Qualys Security Configuration and Compliance Policy for Apache Kafka
  • Qualys Security Configuration and Compliance Policy for ElasticSearch
  • Qualys Security Configuration and Compliance Policy for ArubaOS 6.x
  • Qualys Security Configuration and Compliance Policy for Comware 5 and Comware 7
  • Qualys Security Configuration and Compliance Policy for FireEye CMS 7.x and 8.x
  • Qualys Security Configuration and Compliance Policy for HPE 3PAR OS 3.x
  • Qualys Security Configuration and Compliance Policy for Symantec SGOS 6.x
  • Qualys Security Configuration and Compliance Policy for Safeguard Computer Security Evaluation Matrix for Red Hat Enterprise Linux 7.x

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for PostgreSQL 9.x V1R5

New Microsoft Security Baseline Policy

  • Microsoft Security Baseline for Windows 10 1903

Updated Library Policies

Policy update to add “Not Scored” checks:

  • CIS Benchmark for Ubuntu Linux 18.04 LTS, v1.0.0
  • CIS Benchmark for CentOS Linux 7, v2.2.0

Policy update for control configuration changes:

  • CIS Benchmark for Microsoft IIS 7.x, v1.8.0
  • CIS Benchmark for Microsoft IIS 8.x, v1.5.0
  • CIS Benchmark for Red Hat Enterprise Linux 7
  • Security Configuration and Compliance Policy for Cisco NX OS

Policy update to remove redundant XML tags:

  • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
  • Adobe Common Controls Framework for Google Chrome
  • Adobe Common Controls Framework for Microsoft Internet Explorer
  • Adobe Common Controls Framework for Microsoft Windows
  • Australia Information Security Manual (Information Technology Security) for Windows
  • Best Practice Controls for Reducing Risk related to Malware/Ransomware
  • CIS Benchmark for Apple Mac OS X 10.8, v1.1.0
  • CIS Benchmark for Apple Mac OS X 10.9, v1.0.0
  • CIS Benchmark for Apple macOS 10.12, v1.1.0
  • CIS Benchmark for Apple macOS 10.13, v1.0.0
  • CIS – Apple OS X 10.10, v1.0.0
  • CIS – Apple OS X 10.11, v1.0.0
  • CIS Benchmark for Amazon Linux 2, v1.0.0
  • CIS Benchmark for Amazon Linux 2016, v2.0.0
  • CIS Benchmark for Apache Tomcat 6.0 v1.0.0
  • CIS Benchmark for Apache Tomcat 7 v.1.1.0
  • CIS Benchmark for Apache Tomcat 8, v1.0.1
  • CIS Benchmark for CentOS Linux 6, v2.1.0
  • CIS Benchmark for Cisco Firewall ASA 8.x, v4.1.0
  • CIS Benchmark for Cisco Firewall ASA 9.x, v4.1.0
  • CIS Benchmark for Cisco IOS 15, V4.0.0
  • CIS Benchmark for Debian Linux 7, v1.0.0
  • CIS Benchmark for Debian Linux 9, v1.0.0
  • CIS Benchmark for Docker 1.11.0, v1.0.0
  • CIS Benchmark for Docker 1.12.0, v1.0.0
  • CIS Benchmark for Docker 1.13.0, v1.0.0
  • CIS Benchmark for HP-UX 11i, v1.5.0
  • CIS Benchmark for IBM AIX 6.1, v1.1.0
  • CIS Benchmark for IBM AIX 7.1, v1.1.0
  • CIS Benchmark for IBM DB2 10.x, v1.1.0
  • CIS Benchmark for IBM DB2 9.x, v3.0.1
  • CIS Benchmark for Microsoft IIS 7.x, v1.8.0
  • CIS Benchmark for Microsoft IIS 8.x, v1.5.0
  • CIS Benchmark for Microsoft Internet Explorer 10, v1.1.0
  • CIS Benchmark for Microsoft Internet Explorer 11, v1.0.0
  • CIS Benchmark for Microsoft Office 2013, v1.1.0
  • CIS Benchmark for Microsoft Office 2016, v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2008 R2, v1.5.0
  • CIS Benchmark for Microsoft SQL Server 2012, v1.4.0
  • CIS Benchmark for Microsoft SQL Server 2014, v1.3.0
  • CIS Benchmark for Microsoft SQL Server 2016, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1709), v1.4.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1803), v1.5.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
  • CIS Benchmark for Microsoft Windows 2012 R2, v2.3.0
  • CIS Benchmark for Microsoft Windows 2016, v1.1.0
  • CIS Benchmark for Microsoft Windows 7 Workstation, v3.1.0
  • CIS Benchmark for Microsoft Windows 8, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2003 v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 non-R2, v3.1.0
  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.1.0 [Scored, Level 2 – Member Server]
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.1.0
  • CIS Benchmark for MongoDB 3.4, v1.0.0
  • CIS Benchmark for Oracle Database 11gR2, V2.2.0
  • CIS Benchmark for Oracle Database Server 11-11g R2, v1.0.0
  • CIS Benchmark for Oracle Linux 6, v1.1.0
  • CIS Benchmark for Oracle MySQL Community Server 5.6, v1.1.0
  • CIS Benchmark for Oracle MySQL Enterprise Edition 5.6, v1.1.0
  • CIS Benchmark for Oracle MySQL Enterprise Edition 5.7, v1.0.0
  • CIS Benchmark for Oracle Solaris 10, v5.2.0
  • CIS Benchmark for Oracle Solaris 11, v1.1.0
  • CIS Benchmark for Palo Alto Firewall 7, v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 5, v2.2.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 7, v2.2.0
  • CIS Benchmark for SuSE Enterprise Linux Server 10.x v2.0
  • CIS Benchmark for SUSE Linux Enterprise 11.x, v2.1.0
  • CIS Benchmark for Sybase ASE 15.0, v1.1.0
  • CIS Benchmark for Ubuntu 12.04 LTS Server, v1.1.0
  • CIS Benchmark for Ubuntu Linux 14.04 LTS, v2.1.0
  • CIS Benchmark for Ubuntu Linux 16.04 LTS, v1.1.0
  • CIS Benchmark for VMware ESXi 5.5, V1.2.0
  • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
  • CIS Benchmark for Windows XP, v2.0.1
  • CIS Microsoft Windows Server 2016, v1.0.0
  • Compliance Checklist for MAS IBTRM (Monetary Authority of Singapore – Internet Banking and Technology Risk Management) Guidelines 3.0
  • DISA Security Technical Implementation Guide (STIG) for IBM WebSphere Traditional V9.x, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 5, V1R16
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V1R21
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R16
  • DISA Security Technical Implementation Guide (STIG) for Windows 7, V1R29
  • DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R20
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) DC, V6R42
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) MS, V6R41
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R29
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R28
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) DC, V2R15
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R14
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 DC, V2R15
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R14
  • HITRUST Cyber Security Framework (CSF) for Linux, Version 8.1
  • HITRUST Cyber Security Framework (CSF) for VMware, Version 8.1
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 10 version 1511
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8.1
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2008 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Domain Controller
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 Member Server
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Domain Controller]
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Member Server]
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 [Domain Controller]
  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2016 [Member Server]
  • NERC CIPv5 for Windows
  • NIST 800-53 Rev 4 for Database
  • NIST 800-53 Rev 4 for Linux
  • NIST 800-53 Rev 4 for Microsoft Windows
  • Qualys – Security Configuration and Compliance Policy for SAP Adaptive Server Enterprise 16.0
  • Qualys Policy for Security Control Validation on Windows Platform
  • Security and compliance policy for IBM WebSphere Application Server Version 7.x
  • Security and compliance policy for Oracle WebLogic Server 11g and 12c
  • Security Configuration and Compliance Policy for Amazon Linux 2017
  • Security Configuration and Compliance policy for Apache Tomcat 9
  • Security Configuration and Compliance Policy for Apple macOS 10.14
  • Security Configuration and Compliance Policy for Checkpoint Firewall
  • Security Configuration and Compliance Policy for Cisco IOS 12.x, v1.0
  • Security Configuration and Compliance Policy for Cisco IOS XE
  • Security Configuration and Compliance Policy for Cisco NX OS
  • Security Configuration and Compliance Policy for Oracle Enterprise Linux 5
  • Security Configuration and Compliance Policy for IBM DB2 11.x
  • Security Configuration and Compliance Policy for IBM WebSphere 8.x
  • Security Configuration and Compliance Policy for Juniper Junos 12.x
  • Security Configuration and Compliance Policy for Juniper Junos 13.x
  • Security Configuration and Compliance Policy for Juniper Junos 14.x
  • Security Configuration and Compliance Policy for Juniper Junos 15.x
  • Security Configuration and Compliance Policy for Microsoft Windows 10 (Version 1809)
  • Security Configuration and Compliance Policy for OpenSUSE 13
  • Security Configuration and Compliance Policy for Pivotal TC Server 3.x
  • Security Configuration and Compliance Policy for SELinux
  • Security Configuration and Compliance Policy for SUSE Linux Enterprise Server 15
  • Security Configuration and Compliance Policy for vFabric TC Server 2.9.x
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 10
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 7
  • VMWare vSphere Security Hardening Guide for ESXi 4.x
  • VMWare vSphere Security Hardening Guide for ESXi 5.x
  • VMWare vSphere Security Hardening Guide for ESXi 6.x

Note: The XML tags in these policies were updated with a refreshed date for internal migration-specific purposes, and the changes do not impact the customer environment in any way.

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Microsoft SQL Server 2017 Benchmark v1.0.0
  • CIS Benchmark for Microsoft SQL Server 2014 v1.4.0
  • CIS Benchmark for Microsoft SQL Server 2016 v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2012 v1.5.0
  • CIS Benchmark for Microsoft Windows 10 Release 1809

 

If you have any questions, please contact your TAM or Technical Support. See all library updates.
