Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with widely followed security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library monthly.

This release includes new policies and updates covering:

  • New CIS versions for Apache HTTP Server, Solaris, Microsoft Windows 2016, CentOS, Microsoft IIS, Oracle Linux, and Red Hat Enterprise Linux
  • New DISA STIG policies for Red Hat Enterprise Linux and Windows 2016
  • New Security & Configuration Policies for IIS and MS SQL Server 2016
  • New Mandate mappings for CIS Critical Security Controls & First Five CIS Controls
  • Several updates to minor versions for Vendor Recommended and CIS policies

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks and regularly releases certified policies as well as contributing to the development of new benchmarks through the CIS Community.

Qualys’ Certification Page at CIS has been updated.

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Apache HTTP Server 2.2, v3.4.0
  • CIS Benchmark for Apache HTTP Server 2.4, v1.3.0
  • CIS Benchmark for Oracle Solaris 10, v5.2.0
  • CIS Microsoft Windows Server 2016, v1.0.0
  • CIS Benchmark for CentOS Linux 6, v2.0.2
  • CIS Benchmark for CentOS Linux 7, v2.1.1
  • CIS Benchmark for Microsoft IIS 7.0, v1.8.0
  • CIS Benchmark for Microsoft IIS 7.5, v1.8.0
  • CIS Benchmark for Microsoft IIS 8.0, v1.5.0
  • CIS Benchmark for Microsoft IIS 8.5, v1.5.0
  • CIS Benchmark for Microsoft IIS 10, v1.0.0
  • CIS Benchmark for Oracle Linux 6, v1.0.0
  • CIS Benchmark for Oracle Linux 7, v2.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.0.2
  • CIS Benchmark for Red Hat Enterprise Linux 7, v2.1.1

Recent additions to the policy library for DISA STIG Guidelines:

  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 5, V1R16
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V1R15
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R1
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R1

New Security & Compliance Best Practice Policies

  • Security Configuration and Compliance Policy for IIS 10
  • Security Configuration and Compliance Policy for Microsoft SQL Server 2016

New Mandate Support

  • CIS Critical Security Controls (Top 20 v6)
  • First Five CIS Controls (First 5)

Updated Library Policies

  • CIS Benchmark for CentOS Linux 6, v2.0.2
  • CIS Benchmark for CentOS Linux 7, v2.1.1
  • CIS Benchmark for SUSE Enterprise Linux Server 11.x, v1.1.0
  • CIS Benchmark for SUSE Linux Enterprise Server 12, v1.0.0
  • CIS Benchmark for Ubuntu 12.04 LTS Server, v1.1.0
  • CIS Benchmark for Ubuntu 14.04 LTS Server, v1.0.0
  • DISA Security Technical Implementation Guide (STIG) for Windows 7, V1R26
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R8
  • DISA Security Technical Implementation Guide (STIG) for Windows 2008 (non-R2) MS, V6R35
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R21
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R21
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R7
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R7

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month.

New Policies:

  • HITRUST Cyber Security Framework v8.1
  • CIS Benchmark for Microsoft SQL Server 2016
  • CIS Benchmark for Ubuntu 16
  • CIS Benchmark for Sybase 15
  • CIS Benchmark for Apple Mac OSX 10.12
  • Security Configuration and Compliance Policy for PostgreSQL 9.x
  • Security Configuration and Compliance Policy for Tomcat 8
  • Security Configuration and Compliance Policy for Sybase 16
  • Security Configuration and Compliance Policy for Cisco NX-OS
  • DISA Security Technical Implementation Guide (STIG) – Internet Explorer 10
  • DISA Security Technical Implementation Guide (STIG) – Internet Explorer 11
  • DISA Security Technical Implementation Guide (STIG) – Red Hat Enterprise Linux 6 V1R15
  • DISA Security Technical Implementation Guide (STIG) – Red Hat Enterprise Linux 5 V1R16

Updates:

  • CIS Benchmark for SUSE Enterprise Linux 12, v2.0.0
  • CIS Benchmark for Microsoft SQL Server 2014, v1.2.0
  • CIS Benchmark for Windows Server 2008 (non-R2), v3.0.1
  • DISA Security Technical Implementation Guide (STIG) – Windows Server 2016 V1R1
  • DISA Security Technical Implementation Guide (STIG) – Red Hat Enterprise Linux 7 V1R1
  • DISA Security Technical Implementation Guide (STIG) – Red Hat Enterprise Linux 6 V1R15
  • DISA Security Technical Implementation Guide (STIG) – Red Hat Enterprise Linux 5 V1R16

If you have any questions, please contact your TAM or Technical Support. See all library updates.

 
