
Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

This release includes the following new policies and updates:

  • New policies for Apple OS X, Splunk, and Windows 10 1709
  • New versions of already supported CIS Benchmarks and DISA STIGs
  • Updates to controls and technology coverage in existing library policies

Qualys’ Certification Page at CIS has been updated.

New Industry and Best Practice Policies

  • Security Configuration and Compliance Policy for Apple OS X 10.13
  • Security Configuration and Compliance Policy for Splunk 6 & 7 on Linux
  • Security Configuration and Compliance Policy for Microsoft Windows 10 (Version 1709)

Updated Library Policies

  • CIS Benchmark for CentOS Linux 6, v2.1.0
  • CIS Benchmark for CentOS Linux 7, v2.2.0
  • CIS Benchmark for Oracle Linux 6, v1.1.0
  • CIS Benchmark for Oracle Linux 7, v2.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 6, v2.1.0
  • CIS Benchmark for Red Hat Enterprise Linux 7, v2.2.0
  • CIS Benchmark for Ubuntu Linux 16.04 LTS, v1.1.0
  • CIS Benchmark for Google Chrome, v1.2.0
  • DISA Security Technical Implementation Guide (STIG) for Windows 10, V1R12
  • DISA Security Technical Implementation Guide (STIG) for Windows 7, V1R29
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 (non-R2) MS, V6R39
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 DC, V1R25
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2008 R2 MS, V1R25
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R11
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R11
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R3
  • DISA Security Technical Implementation Guide (STIG) for Internet Explorer 11, V1R14
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 5, V1R16
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 6, V1R18
  • Library Policies with minor control / technology changes:
    • CIS Benchmark for Microsoft Windows Server 2008, v3.0.1
    • CIS Benchmark for Microsoft Windows Server 2008 R2, v3.0.1
    • CIS Benchmark for Microsoft Windows Server 2012 R2, v2.2.1
    • CIS Benchmark for VMware ESXi 5.5, v1.2.0
    • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0
    • Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
    • HITRUST Cyber Security Framework (CSF) for VMware, Version 8.1

New Technology Support

  • JunOS 14, 15
  • Windows Workstation Embedded 7, 8, 8.1

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Technologies (via Qualys Platform 8.15 Release):

  • JBoss/WildFly
  • MariaDB
  • DB2 11.x

New Coverage:

  • CIS Benchmark for Oracle MySQL Enterprise Edition 5.6 Benchmark v1.1.0
  • CIS Benchmark for Oracle MySQL Enterprise Edition 5.7 Benchmark v1.1.0
  • DISA STIG Windows Server 2008 (non-R2) Domain Controller V6R39
  • DISA STIG Windows Server 2012 R2 Domain Controller V2R11
  • DISA STIG Windows Server 2012 (non-R2) Domain Controller V2R11
  • DISA STIG Windows 8-8.1 V1R20
  • Qualys Policy for Security Configuration and Compliance Policy for Amazon Linux 2 LTS Release

Updates:

  • CIS Benchmark for Oracle Database Server 11-11g R2, v1.0.0
  • CIS Benchmark for Oracle Solaris 11, v1.1.0
  • CIS Benchmark for Microsoft SQL Server 2012, v1.4.0
  • CIS Benchmark for Microsoft Windows 10 Enterprise (Release 1703), v1.3.0
  • CIS Benchmark for Windows 7 Workstation, v3.1.0
  • CIS Benchmark for Windows 8.1 Workstation, v2.3.0
  • CIS Benchmark for Windows 2012 R2, v2.3.0
  • DISA Security Technical Implementation Guide (STIG) for Red Hat Enterprise Linux 7, V1R4

If you have any questions, please contact your TAM or Technical Support. See all library updates.
