Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with widely adopted security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best-practice controls. Qualys is committed to broad coverage of the CIS Benchmarks; it regularly releases certified policies and contributes to the development of new benchmarks through the CIS Community.

Qualys’ Certification Page at CIS has been updated: https://benchmarks.cisecurity.org/membership/certified/qualys

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Microsoft Windows 8.1, v2.1.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1507), v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2 Member Server, v2.1.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2 Domain Controller, v2.1.0

New Mandate-Based and Vendor Recommended Policies

  • ISO/IEC 27002:2013 for Windows
  • NERC CIPv5 for Windows
  • NIST 800-53 Rev 4 for Microsoft Windows
  • VMware vSphere Security Hardening Guide for ESXi 6.x

Updated Library Policies

  • CIS Benchmark for CentOS Linux 6, v1.0.0
  • CIS Benchmark for Oracle Solaris 10, v5.1.0
  • CIS Benchmark for Oracle Solaris 11, v1.1.0
  • ISO/IEC 27001:2005 (Domain 10) – Security Configuration and Compliance Policy for Windows
  • ISO/IEC 27001:2005 (Domain 11) – Security Configuration and Compliance Policy for Windows
  • ISO/IEC 27001:2005 (Domains 12, 13, 14 and 15) – Security Configuration and Compliance Policy for Windows
  • ISO/IEC 27001:2005 (Domain 7 and 8) – Security Configuration and Compliance Policy for Windows
  • NIST Cyber Security Framework (CSF) v1.0

If you have any questions, please contact your TAM or Technical Support.