Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.
In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.
New CIS Benchmarks
CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.
See the new updates on Qualys’ Certification Page at CIS.
Recent additions to the policy library include the following certified CIS Benchmarks:
- CIS Benchmark for Apple OS X 10.11, v1.0.0
- CIS Benchmark for IBM DB2 10.x for Microsoft Windows, v.1.0.0
- CIS Benchmark for IBM DB2 10.x for Unix and Linux, v.1.0.0
- CIS Benchmark for Oracle Database 12c for Microsoft Windows, v1.2.0
- CIS Benchmark for Oracle Database 12c for Unix and Linux, v1.2.0
New Qualys Recommended, Vendor Recommended, or Mandate-Based Policies
- Australia Information Security Manual (Information Technology Security) for Windows
- Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
- Security Configuration and Compliance Policy for Cisco Firewall Devices (ASA 9.x)
- Security Configuration and Compliance Policy for OpenSUSE 13
- SANS/CIS Top 20 Critical Security Controls for Windows
Updated Library Policies
- CIS Benchmark for CentOS Linux 6, v1.0.0
- CIS Benchmark for IBM DB2 9.x for Unix and Linux, v1.2.0
- CIS Benchmark for IBM DB2 9.x for Microsoft Windows, v1.2.0
- CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1507), v1.0.0, 11-30-2015
- CIS Benchmark for Microsoft Windows Server 2012 R2, v2.1.0, 11-02-2015
- CIS Benchmark for Oracle Database 11gR2 for Unix and Linux, V2.0.0
- CIS Benchmark for Oracle Database 11gR2 for Microsoft Windows, V2.0.0
- CIS Benchmark for Red Hat Enterprise Linux 6, v1.3.0
- CIS Benchmark for SuSE Linux Enterprise Server 11.x, v1.1.0
- CIS Benchmark for SUSE Linux Enterprise Server 12 v1.0.0
- PCI-DSS (Payment Card Industry Data Security Standard) v3.0
If you have any questions, please contact your TAM or Technical Support.