Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Monthly Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly-adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.  We are also expanding our coverage of mandate-based policies with out of the box coverage of industry and government regulations such as PCI and HIPAA.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This month’s updates include:

  • New and Updated CIS Benchmarks: AIX 6, Red Hat Enterprise Linux 6, Oracle 11gR2, Mac OS X 10.8, Mac OS X 10.9

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls.  Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

    • CIS Benchmark for AIX 6.1, v1.1.0 [Scored, Level 1 and Level 2]
    • CIS Benchmark for AIX 6.1, v1.1.0 [Scored, Level 1]
    • CIS Benchmark for Red Hat Enterprise Linux 6, v1.3.0 [Scored, Level 1 and Level 2]
    • CIS Benchmark for Red Hat Enterprise Linux 6, v1.3.0 [Scored, Level 1]
    • CIS Benchmark for Oracle Database Server 11-11g R2, v1.0.0 [Scored]
    • CIS Benchmark for Apple Mac OS X 10.8, v1.1.0, [Scored, Level 1]
    • CIS Benchmark for Apple Mac OS X 10.8, v1.1.0, [Scored, Level 1 and Level 2]
    • CIS Benchmark for Apple Mac OS X 10.9, v1.0.0, [Scored, Level 1 and Level 2]
    • CIS Benchmark for Apple Mac OS X 10.9, v1.0.0, [Scored, Level 1]

Qualys’ Certification Page at CIS has been updated:  https://benchmarks.cisecurity.org/membership/certified/qualys

  • New Mandate-Based Policy: Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0

This Policy is based on the Security and Compliance Guidance provided by the ‘ABU DHABI SYSTEMS & INFORMATION CENTRE – Information Security Standards, version 2.0’.  The Abu Dhabi Information Security Standards document is intended to guide Entities and business partners in areas requiring focus for the application of Information Security controls. Adherence to the Control Standards supports Information Security controls being deployed consistently across Abu Dhabi Government Entities (ADGEs). The standard could be downloaded from the link: https://www.abudhabi.ae/cs/groups/public/documents/attachment/mzyy/ndiy/~edisp/adsic_nd_362422_en.pdf.
If you have any questions please contact your TAM or Technical Support.

Leave a Reply