Policy Compliance Library Updates, March 2020

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The March release introduces 3 CIS Benchmark policies and 6 DISA STIG policies, and provides updates to several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Fedora 28 Family Linux v1.0.0
  • CIS Benchmark for Windows 10 Enterprise Release 1903 v1.7.1
  • CIS Benchmark for Windows 10 Enterprise Release 1909 v1.8.1

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) for Google Chrome, V1R18
  • DISA Security Technical Implementation Guide (STIG) for Internet Explorer 11, V1R18
  • DISA Security Technical Implementation Guide (STIG) for Mozilla Firefox, V4R28
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Database, V1R5
  • DISA Security Technical Implementation Guide (STIG) for Microsoft SQL Server 2016 Instance, V1R8
  • DISA Security Technical Implementation Guide (STIG) for PostgreSQL 9.x, V1R6

Deprecated Policies

The following policies are deprecated in the March 2020 package:

  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1903), v1.7.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1909), v1.8.0

Updated Library Policies

Policy re-release:

The following policies are re-released due to configuration control changes:

  • CIS Benchmark for Oracle Database 12c on Linux, V2.1.0
  • CIS Benchmark for Oracle Database 12c on Windows, V2.1.0
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 DC, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2019 MS, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 12c, V1R16
  • DISA Security Technical Implementation Guide (STIG) for Oracle Database 11.2g, V1R17
  • DISA Security Technical Implementation Guide (STIG) for Internet Explorer 10, V1R16
  • Security Configuration and Compliance Policy for Oracle Database 18c
  • Security Configuration and Compliance Policy for Oracle Database 19c
    • List of controls whose control configuration needs to be updated:
      12501, 12453, 1127, 12454, 1132, 11446, 12502, 12455, 1125, 11364, 1122, 12493, 1118, 11447, 12503, 12494, 1109, 10603, 12504, 11460, 12518, 12495, 12519, 12496, 12534, 12535, 12599, 12600, 12615, 12616, 12002, 12617, 1069, 12594, 1075, 12595, 12596, 12597, 1077, 11451, 12613, 12614, 12608, 12609, 12610, 12611, 12005, 12612
    • List of controls added in the Oracle 19c policy:
      12623, 12624, 14340, 14341, 14342, 14343, 14344, 14345, 14346, 14347, 14348, 14349, 14350, 14351, 14352, 14353, 14354, 14355, 14356, 14357, 14358, 14364, 14365, 14366, 14367, 14368, 14369, 14370, 14371, 14372, 14373, 14374, 14375, 14359, 14360, 14361, 14362, 14376, 14377

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage

  • CIS Benchmark for Microsoft SQL Server 2019 v1.0.0
  • CIS Benchmark for Microsoft SharePoint 2019 v1.0.0
  • CIS Benchmark for PostgreSQL 12 v1.0.0
  • Qualys Security Configuration and Compliance Policy for IBM HTTP Server 9
  • Qualys Security Configuration and Compliance Policy for Palo Alto 9

Policy Updates

  • CIS Benchmark for Ubuntu Linux 18.04 LTS v2.0.1
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks (IDPS)
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks Network Device Management (NDM)
  • DISA Security Technical Implementation Guide (STIG) for Palo Alto Networks Application Layer Gateway (ALG)
  • DISA Security Technical Implementation Guide (STIG) for RHEL 7 Version 2 Release 6
  • DISA Security Technical Implementation Guide (STIG) for RHEL 6 Version 1 Release 24
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 16 Version 1 Release 3
  • DISA Security Technical Implementation Guide (STIG) for Windows 2008 R2 DC Version 1 Release 31
  • DISA Security Technical Implementation Guide (STIG) for Windows 2008 R2 MS Version 1 Release 30
  • DISA Security Technical Implementation Guide (STIG) for Windows 2016 Version 1 Release 10

 

If you have any questions, please contact your TAM or Technical Support.