Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as ones based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • New CIS Benchmarks for Amazon Linux, Apple OS X, Microsoft SQL Server, Microsoft Windows, and Ubuntu Linux
  • New DISA STIG policy for Windows Server 2016
  • New Best Practice Policies for Amazon Linux, PostgreSQL, and HITRUST CSF
  • Several updates to existing CIS Certified benchmarks

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks; it regularly releases certified policies and contributes to the development of new benchmarks through the CIS Community.

Qualys’ Certification Page at CIS has been updated.

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Amazon Linux 2016, v2.0.0
  • CIS Benchmark for Apple OS X 10.12, v1.0.0
  • CIS Benchmark for Microsoft SQL Server 2012, v1.4.0
  • CIS Benchmark for Microsoft SQL Server 2014, v1.3.0
  • CIS Benchmark for Microsoft SQL Server 2016, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2012 non-R2, v2.0.1
  • CIS Benchmark for Ubuntu 16.04 LTS, v1.0.0

New DISA STIG Policies

  • DISA Security Technical Implementation Guide (STIG) Windows Server 2016 MS, V1R1

New Security & Compliance Best Practice Policies

  • HITRUST Cyber Security Framework (CSF), Version 8.1
  • Security Configuration and Compliance Policy for Amazon Linux 2017
  • Security Configuration and Compliance Policy for PostgreSQL 9.x

Updated Library Policies

  • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.0.1
  • CIS Benchmark for Oracle Database Server 11-11g R2, v1.0.0
  • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.2.1
  • CIS Benchmark for Oracle Database 11gR2 for Unix and Linux, V2.0.0
  • CIS Benchmark for Oracle Database 11gR2 for Microsoft Windows, V2.0.0
  • CIS Oracle Database 12c Benchmark for Microsoft Windows, v1.2.0
  • CIS Oracle Database 12c Benchmark for Unix and Linux, v1.2.0
  • CIS Benchmark for Oracle Enterprise Linux 6, v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.0.2

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Policies:

  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 10
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 7
  • CIS benchmark for Windows 2008 (non-R2) – v3.0.1
  • CIS policy for SUSE Enterprise Linux 12, v2.0.0
  • CIS Benchmark for Docker 1.13.0, v1.0.0

Updates:

  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R7
  • CIS Benchmark for Apache Tomcat 6.0 v1.0.0
  • CIS Benchmark for Apache Tomcat 7 v1.1.0
  • CIS Oracle Linux 6 Benchmark v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.0.2

If you have any questions, please contact your TAM or Technical Support. See all library updates.
