Tim White

Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the security standards and regulations that are most commonly used and adhered to. Qualys provides a wide range of policies, including many that have been certified by CIS as well as the ones based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • CID 3777 and 3781 will be removed in 30 days and have newer replacement controls.
  • CIS Benchmark coverage for Network Devices including Cisco Firewall ASA, Palo Alto Firewall, Cisco NX-OS, JunOS 12/13
  • CIS for Oracle 11gR2, 12c, and Microsoft Windows 10 r1607/r1703
  • Adobe Common Controls Framework for Google Chrome and Microsoft Internet Explorer
  • Refresh of several DISA STIG and CIS Benchmarks to latest versions
  • Updated control settings in mandate-based policies

Important Control Update Notification

The following controls have been replaced with newer controls and have been marked as deprecated for at least one year. These controls will be disabled in 30 days. Policies leveraging these controls were flagged when the controls were deprecated. If the controls remain in use, you will be prompted to replace them with their newer replacement controls.

  • CID 3777 – Status of the local ‘Guest’ account (enabled/disabled) has been deprecated and will be replaced with CID 8364 – Status of the local ‘Guest’ account (enabled/disabled)
  • CID 3781 – Status of the local ‘Administrator’ account has been deprecated and will be replaced with CID 8365 – Status of the local Administrator account (enabled/disabled)

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks, regularly releasing certified policies and contributing to the development of new benchmarks through the CIS Community.

  • CIS Benchmark for Cisco Firewall ASA 8.x and 9.x, v4.1.0
  • CIS Benchmark for Palo Alto Firewall 7, v1.0.0
  • CIS Benchmark for Oracle Database 11gR2 on Windows and Linux, V2.2.0
  • CIS Benchmark for Oracle Database 12c on Windows and Linux, V2.0.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0

Qualys’ Certification Page at CIS has been updated.

New Industry & Best Practice Policies

  • Security Configuration and Compliance Policy for Cisco NX OS
  • Security Configuration and Compliance Policy for Juniper Junos 12.x and 13.x
  • Adobe Common Controls Framework for Google Chrome and Microsoft Internet Explorer

Updated Library Policies

  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1607), v1.2.0
  • CIS Benchmark for Oracle Solaris 10, v5.2.0
  • CIS Benchmark for Oracle Solaris 11, v1.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 5, v2.2.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise RTM (Release 1511), v1.1.0
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V1R1
  • Health Insurance Portability and Accountability (HIPAA) – Security Rule Standards and Implementation Specifications
  • HITRUST Cyber Security Framework (CSF) for Network devices, Version 8.1
  • NIST Cyber Security Framework (CSF) v1.0

New Technology Support

  • Debian Linux 9.x
  • Amazon Linux 2

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Policies:

  • Qualys Policy for Windows 10 Release 1709
  • Qualys Policy for macOS 10.13

Updates:

  • Refresh to latest versions of:
    • DISA STIG for RHEL 5 v1r16
    • CIS for Oracle Linux 6, 7
    • CIS for RHEL 6, 7
    • CIS for CentOS 6, 7
    • CIS for Ubuntu Linux 14.04/16.04
  • Expanded Coverage for:
    • DISA STIG for Windows 2016 v1r3
    • CIS for Google Chrome on Windows 8.1
  • Update control requirements for CID 2605, 2587 for Windows 2008 in CIS, DISA, and other affected mandate-based policies
  • Update control 7355 with CID 4501 for CIS Benchmarks for 2008 R2 and 2012 R2

Upcoming Technology Support:

  • MS SQL Server 2017
  • Windows Embedded OS

If you have any questions, please contact your TAM or Technical Support. See all library updates.

 
