Information
This setting ensures that all websites except those that are needed to transfer data to/from the EMS Gateway and to receive updates are blocked on the system.
Blocking unnecessary websites on the Elections Management Systems (EMS) Gateway can help mitigate against web-based attacks.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
To establish the recommended configuration via GP, set the following (based on browser used) UI paths to block all with exceptions
Microsoft Edge
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Block access to a list of URLs Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Define a list of allowed URLs
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft
here
.
Google Chrome
Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Google\Google Chrome\Block access to a list of URLs Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Google\Google Chrome\Allow access to a list of URLs
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Chrome.adm that can be downloaded from
here
.
Impact:
Users will not be able to access websites that are not on the allowlist.