Policy Compliance Library Updates, May 2020

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as policies based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The May release adds support for new technologies, 3 CIS Benchmark policies, 3 DISA STIG policies, and 11 Industry and Best Practice policies, and updates several existing policies in the Qualys Content Library.

Qualys’ Certification Page at CIS has been updated.

New Technology Support

  • Pivotal Greenplum 5.x
  • Pivotal Greenplum 6.x
  • Palo Alto PAN OS 9.x
  • Microsoft Office 2019

New CIS Benchmark Policies

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to providing broad coverage of the CIS Benchmarks with regular releases of CIS certified policies in Policy Compliance and by contributing to the development of new benchmarks through the CIS Community.

This release contains the following new CIS Benchmark policies:

  • CIS Benchmark for Palo Alto Firewall 9 v1.0.0
  • CIS Benchmark for Cisco IOS 16 XE v1.0.0
  • CIS Benchmark for Windows Server 2019 Release 1809 v1.1.0

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance policy for Pivotal Greenplum 5.x
  • Qualys Security Configuration and Compliance policy for Pivotal Greenplum 6.x
  • Qualys Security Configuration and Compliance policy for SharePoint Server 2010
  • Qualys Security Configuration and Compliance policy for SharePoint Server 2013
  • Qualys Security Configuration and Compliance policy for Microsoft Access 2019
  • Qualys Security Configuration and Compliance policy for Microsoft Excel 2019
  • Qualys Security Configuration and Compliance policy for Microsoft Exchange Server 2010
  • Qualys Security Configuration and Compliance policy for Microsoft Office 2019
  • Qualys Security Configuration and Compliance policy for Microsoft Outlook 2019
  • Qualys Security Configuration and Compliance policy for Microsoft PowerPoint 2019
  • Qualys Security Configuration and Compliance policy for Microsoft Word 2019

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) policy for MongoDB Enterprise Advanced 3.x V1R1
  • DISA Security Technical Implementation Guide (STIG) policy for Red Hat Enterprise Linux 6, V1R24
  • DISA Security Technical Implementation Guide (STIG) policy for SUSE Enterprise Linux 12 V1R5 – Partial Coverage

Deprecated Policies

The following policies are deprecated in the April 2020 package:

  • CIS Benchmark for Microsoft Windows 2019, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for RHEL 6, V1R21
  • DISA Security Technical Implementation Guide (STIG) for MS Windows Server 2012 non-R2 DC Version 2 Release 15
  • DISA Security Technical Implementation Guide (STIG) for MS Windows Server 2012 R2 DC Version 2 Release 15
  • DISA Security Technical Implementation Guide (STIG) for MS Windows Server 2012 non-R2 MS version 2 Release 14
  • DISA Security Technical Implementation Guide (STIG) for MS Windows Server 2012 R2 MS version 2 Release 14
  • DISA Security Technical Implementation Guide (STIG) for Ubuntu 16 v1 r2
  • Security Configuration and Compliance Policy for Cisco IOS XE

Updated Library Policies

  • Policy update to add support for new DISA STIG standard:
    • DISA Security Technical Implementation Guide (STIG) for Ubuntu 16, V1R3
  • Policy update for additional technology support:
    • Security Configuration and Compliance Policy for Splunk on Linux
  • Policy update for CID changes:
    • CIS Benchmark for Red Hat Enterprise Linux 7, v2.2.0
    • Microsoft Security Baseline for Windows 10 version 1809
    • CIS Benchmark for IBM AIX 6.1, v1.1.0
  • Policy update for control configuration changes:
    • DISA Security Technical Implementation Guide (STIG) policy for Windows 2012 R2 and non-R2 DC Version 2 Release 19
    • DISA Security Technical Implementation Guide (STIG) policy for Windows 2012 R2 and non-R2 MS Version 2 Release 17

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • CIS Benchmark for Mac OSX 10.15
  • CIS Benchmark for Windows Server 2008 R2, v3.2.0
  • CIS Benchmark for Debian Linux 10 v1.0.0
  • CIS Benchmark for Amazon Linux 2 STIG Benchmark v1.0.0
  • CIS Benchmark for Mac OSX 10.14
  • CIS Benchmark for Microsoft Windows Server 2012 (non-R2) v2.2.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.4.0
  • DISA Security Technical Implementation Guide (STIG) policy for HP-UX 11.31 V1R19 in Policy Compliance
  • DISA Security Technical Implementation Guide (STIG) policy for Oracle Linux 7 Version 1 Release 1
  • Oracle Linux 6 STIG – Ver 1, Rel 17

Policy Updates:

  • DISA Security Technical Implementation Guide (STIG) policy for Windows 10 Version 1 Release 21
  • DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE NDM Version 1 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Cisco IOS XE RTR Version 1 Release 2
  • DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks (IDPS), V1R4
  • DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks Network Device Management (NDM), V1R4
  • DISA Security Technical Implementation Guide (STIG) policy for Palo Alto Networks Application Layer Gateway (ALG), V1R5

If you have any questions, please contact your TAM or Technical Support.
