Qualys Blog

www.qualys.com
Tim White

Qualys Policy Compliance Notification: Policy Library Update

The Qualys library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as policies based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • New CIS benchmarks for Docker
  • New policies for USGCB for Microsoft Windows
  • New best practice controls for reducing risk related to malware/ransomware
  • Several updates to existing Mandate-based, CIS and DISA STIG Policies

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks, regularly releasing certified policies and contributing to the development of new benchmarks through the CIS Community.

The Qualys Certification Page at CIS has been updated.

Recent Additions

Recent additions to the policy library include the following certified CIS Benchmarks:

  • CIS Benchmark for Docker 1.13.0 v1.0.0

New Security & Compliance Best Practice Policies

  • Best Practice Controls for Reducing Risk related to Malware/Ransomware
  • United States Government Configuration Baseline (USGCB) for Microsoft Windows 7 and Windows 10

Updated Library Policies

  • Health Insurance Portability and Accountability (HIPAA) – Security Rule Standards and Implementation Specifications
  • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
  • VMware vSphere Security Hardening Guide for ESXi 6.x
  • NIST Cyber Security Framework (CSF) v1.0
  • PCI-DSS (Payment Card Industry Data Security Standard) v3.2
  • CIS Benchmark for Apache Tomcat 6.0 v1.0.0
  • CIS Benchmark for Apache Tomcat 7 v1.1.0
  • CIS Benchmark for Oracle Enterprise Linux 6, v1.0.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.0.2
  • CIS Benchmark for SuSE Enterprise Linux Server 11.x, v1.1.0
  • CIS Policy for SUSE Enterprise Linux 12, v2.0.0
  • CIS Benchmark for Ubuntu 12.04 LTS Server, v1.1.0
  • CIS Benchmark for Ubuntu 14.04 LTS Server, v1.0.0
  • CIS Benchmark for VMware ESXi 5.5, v1.2.0
  • CIS Benchmark for Microsoft Windows Server 2008 (non-R2) – v3.0.1
  • DISA STIG Policy for RHEL 6 V1R15
  • DISA STIG Policy for Windows Server 2012 R2 Member Server V2R7
  • Security Configuration and Compliance Policy for OpenSUSE 13

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Policies:

  • CIS Benchmark for Red Hat Enterprise Linux 5, v2.2.0
  • CIS Benchmark for Apache Tomcat 8.x, v1.0.1
  • CIS Benchmark for MongoDB 3.4, v1.0.0
  • CIS Benchmark for Palo Alto Firewall
  • CIS Benchmark support for Internet Explorer 10 (v1.1.0)
  • CIS Benchmark support for Internet Explorer 11 (v1.0.0)
  • CIS Benchmark for Google Chrome
  • DISA STIG Policy for Internet Explorer 10 V1R15
  • DISA STIG Policy for Internet Explorer 11 V1R12
  • HiTRUST CSF v8.1 Mandate-based policy for Network Devices
  • HiTRUST CSF v8.1 Mandate-based policy for Linux

Updates:

  • CIS for Microsoft Windows 10 v1.2.0 and 1.3.0
  • CIS for Microsoft SQL Server 2008 R2, v1.5.0
  • DISA STIG Policy for Internet Explorer 11 V1R12

If you have any questions, please contact your TAM or Technical Support. See all library updates.