Qualys Policy Compliance Notification: Policy Library Update

Qualys’ library of built-in policies makes it easy to comply with the most commonly used security standards and regulations. Qualys provides a wide range of policies, including many that have been certified by CIS, as well as policies based on security guidelines from OS and application vendors and on other industry best practices.

In order to keep up with the latest changes in security control requirements and new technologies, Qualys publishes new content to the Policy Library every month.

The September and October releases include the following new policies and updates:

  • New CIS Benchmark for Palo Alto Firewall 8, IBM DB2 9.x, IBM DB2 10.x, and Oracle 12c
  • New Industry and Best Practices policies for IBM DB2 11.x, MariaDB 10.x, Microsoft Windows, and Microsoft SQL Server 2017
  • Updates to several existing library policies

Qualys’ Certification Page at CIS has been updated.

New Technologies

  • Microsoft SQL Server 2017
  • MariaDB 10.x
  • IBM DB2 11.x
  • JBoss/Wildfly EAP

New Industry and Best Practice Policies

  • Qualys Security Configuration and Compliance Policy for IBM DB2 11.x
  • NIST 800-53 Rev 4 for Microsoft Windows
  • Qualys Security Configuration and Compliance Policy for MariaDB 10.x
  • Qualys Security and Configuration Policy for Microsoft SQL Server 2017

New CIS Benchmarks

CIS Benchmarks are developed through consensus, providing an industry-recognized collection of best practice controls. Qualys is committed to broad coverage of the CIS Benchmarks: it regularly releases certified policies and contributes to the development of new benchmarks through the CIS Community.

  • CIS Benchmark for Palo Alto Firewall 8 v1.0.0
  • CIS Benchmark for Oracle Database 12c v2.1.0
  • CIS Benchmark for IBM DB2 9.x v3.0.1
  • CIS Benchmark for IBM DB2 10.x v1.1.0

Updated Library Policies

  • Control configuration changes in the following library policies:
    • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2.0 [Implemented in the October Update]
    • Australian Signals Directorate (ASD) Top 4 Strategies (Mitigate Targeted Cyber Intrusions) for Windows
    • CIS Benchmark for Microsoft Windows Server 2016, v1.0.0
    • VMWare vSphere Security Hardening Guide for ESXi 6.x
    • CIS Benchmark for HP-UX 11i, v1.5.0
  • Control ID changes in the following library policies:
    • CIS Benchmark for IBM AIX 6.1, v1.1.0
    • CIS Benchmark for IBM AIX 7.1, v1.1.0
    • Adobe Common Controls Framework for Microsoft Windows
    • Australia Information Security Manual (Information Technology Security) for Windows
    • DISA Security Technical Implementation Guide (STIG) for Windows 8.1, V1R20
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) DC, V2R11
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 (non-R2) MS, V2R11
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 DC, V2R11
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2012 R2 MS, V2R11
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 DC, V1R3
    • DISA Security Technical Implementation Guide (STIG) for Windows Server 2016 MS, V1R3
    • Abu Dhabi Systems and Information Centre – Information Security Standards (Abu Dhabi Government) Version 2. [Implemented in the September Update]
    • NERC CIPv5 for Windows
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows Server 2012 R2 [Member Server]
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 7
    • CIS Benchmark for Microsoft Windows 8, v1.0.0
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8
    • Microsoft Security Compliance Manager (SCM) Baseline for Windows 8.1
    • CIS Benchmark for Microsoft Windows XP, v2.0.1
  • Added extended controls support in the following library policies:
    • NIST 800-53 Rev 4 for Microsoft Windows

Coming Next Month

The following policies and updates are currently planned for release to the policy library next month:

New Coverage:

  • BPP for OS Controls on SAP HANA on SuSE 12
  • CIS Benchmark for PostgreSQL 9.5, v1.0.0
  • CIS Benchmark for Windows 10 Release 1709 v1.4.0
  • Security Configuration and Compliance Policy for Mac OS X 10.14
  • Qualys Security Configuration and Compliance Policy for JBOSS/Wildfly
  • Qualys Security Configuration and Compliance Policy for Debian 9
  • Qualys Security Configuration and Compliance Policy for Microsoft Windows 10 (version 1803)

Updates:

  • CIS Benchmark for Apache HTTP 2.2, v3.5.0
  • CIS Benchmark for Apache HTTP 2.4, v1.4.0t
  • CIS Benchmark for MAC OSX 10.13

Technology Roadmap:

  • Debian 9.x

If you have any questions, please contact your TAM or Technical Support. See all library updates.
