Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with commonly adhered to security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering: Docker, Oracle Enterprise Linux, Red Hat Enterprise Linux, and Windows Server 2012 R2.

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

Qualys’ Certification Page at CIS has been updated.

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Docker 1.12.0, v1.0.0
  • CIS Benchmark for Docker 1.11.0, v1.0.0
  • CIS Benchmark for Oracle Enterprise Linux 6, v1.0.0
  • CIS Benchmark for Oracle Linux 7, v2.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.0.2
  • CIS Benchmark for Red Hat Enterprise Linux 7, v2.1.1

For additional help with CIS benchmarks for Docker, see Scanning Docker with Qualys Policy Compliance.

Updated Library Policies

  • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Domain Controller]
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.2.0

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

  • CIS benchmarks for:
    • Cent OS Linux 6 Benchmark v2.0.2
    • Cent OS Linux 7 Benchmark v2.1.1
    • Microsoft Windows Server 2008 R2 v3.0.1
    • Microsoft Windows Server 2012 R2 v2.2.1
  • Microsoft SCM for Windows Server 2016
  • DISA STIG policies for:
    • Windows 2012 R2 Member Server and Domain Controller
    • Windows 2012 Member Server and Domain Controller (non-R2)
    • Windows 7
    • Windows 2008 R2 Member Server and Domain Controller

If you have any questions, please contact your TAM or Technical Support.  See all library updates.

Leave a Reply