Tim White

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS as well as policies based on security guidelines from vendors such as Microsoft and VMware.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • New CIS policies for Palo Alto Firewall 7 and Microsoft Windows 10 Enterprise Release 1607
  • New mandate-based policies: Adobe Common Controls Framework for Microsoft Windows, and HITRUST for VMware and Network Devices
  • Several updates to existing library policies

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks, regularly releases certified policies, and contributes to the development of new benchmarks through the CIS Community.

Qualys’ Certification Page at CIS has been updated.

  • CIS Benchmark for Palo Alto Firewall 7, v1.0.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise Release 1607 Benchmark v1.2.0

Best Practices, Mandate-Based, and Vendor Recommended Policies

  • Adobe Common Controls Framework for Microsoft Windows
  • HITRUST Cyber Security Framework (CSF) for Network devices, Version 8.1
  • HITRUST Cyber Security Framework (CSF) for VMware, Version 8.1

Updated Library Policies

  • Fix for ‘No guest found’ checkbox in control 8976 for the following policies:
    • CIS – VMware ESXi 5.5, V1.2.0
    • VMware vSphere Security Hardening Guide for ESXi 6.x
    • NIST Cyber Security Framework (CSF) v1.0
    • Health Insurance Portability and Accountability (HIPAA) – Security Rule Standards and Implementation Specifications
  • Replaced control 1433 with control 4133 in CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
  • Fix for file ownership and permission-related controls in HITRUST Cyber Security Framework (CSF) for Linux, Version 8.1
  • Removed control 1393 from Windows 2008 technology in the following mandate-based policies, as it is not applicable to that technology:
    • Australia Information Security Manual (Information Technology Security) for Windows
    • Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
    • Health Insurance Portability and Accountability Act (HIPAA) for Windows 2008, Windows 2012, Windows 7
    • ISO/IEC 27001:2013 for Windows v.1.0
    • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
    • NERC CIPv5 for Windows
    • SANS/CIS Top 20 Critical Security Controls for Windows
  • Replaced control 12104 with control 1382 in CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703)
  • Updated version of DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V1R15

Coming Next Month

The following policies and updates are currently planned for release to the Policy Library next month.

New Policies:
  • Security Configuration and Compliance Policy for Cisco NX-OS
  • Security Configuration and Compliance Policy for JunOS 12 and 13
  • Adobe Common Controls Framework (CCF) for Internet Explorer and Chrome
Updates:
  • Granular policies with Level 1/Level 2 controls for Palo Alto
  • Consolidated policies for Windows 10 1703, 1607
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V1R1
  • Control Updates for library policies as needed each release cycle

If you have any questions, please contact your TAM or Technical Support.

See Also: all library updates.
