20.12 (L1) Ensure 'Unnecessary websites are blocked'

Information

This setting ensures that all websites except those that are needed to transfer data to/from the EMS Gateway and to receive updates are blocked on the system.

Blocking unnecessary websites on the Elections Management Systems (EMS) Gateway can help mitigate web-based attacks.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To establish the recommended configuration via GP, set the following UI paths (based on the browser used) to block all with exceptions:

Microsoft Edge

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Block access to a list of URLs
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Define a list of allowed URLs

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft.

Google Chrome

Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Google\Google Chrome\Block access to a list of URLs
Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Google\Google Chrome\Allow access to a list of URLs

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Chrome.adm that can be downloaded from here.

Impact:

Users will not be able to access websites that are not on the allowlist.
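Because Nessus does not perform this check, a manual review can start from the script below. It is an added example, not part of the benchmark or the Nessus plugin, and it reads the applied block and allow lists for both browsers. It assumes the policies are stored under the URLBlocklist and URLAllowlist registry keys used by current Edge and Chrome policy templates (older Chrome templates used different key names) and that a blocklist entry of * is what implements "block all".

```powershell
# Added example: report whether each browser is set to "block all with exceptions".
# Assumption: list policies are stored as numbered string values (1, 2, 3, ...)
# under the URLBlocklist / URLAllowlist subkeys of each browser's policy key.
$browsers = [ordered]@{
    'Microsoft Edge' = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    'Google Chrome'  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
}

function Get-PolicyList {
    param([string]$KeyPath)
    # A missing key means the policy is not configured.
    if (-not (Test-Path -Path $KeyPath)) { return }
    $key = Get-Item -Path $KeyPath
    $key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) }
}

$results = foreach ($name in $browsers.Keys) {
    # @() guarantees an array even when the key is absent or holds one value.
    $block = @(Get-PolicyList (Join-Path $browsers[$name] 'URLBlocklist'))
    $allow = @(Get-PolicyList (Join-Path $browsers[$name] 'URLAllowlist'))

    # -contains is an exact match, so this only matches the literal entry "*".
    $blocksAll = $block -contains '*'

    $status = if ($block.Count -eq 0 -and $allow.Count -eq 0) {
        'Not configured'
    } elseif ($blocksAll -and $allow.Count -gt 0) {
        'Block all with exceptions'
    } elseif ($blocksAll) {
        'Block all, no exceptions defined'
    } else {
        'Review: blocklist does not block all URLs'
    }

    [pscustomobject]@{
        Browser   = $name
        Status    = $status
        Blocklist = $block -join '; '
        Allowlist = $allow -join '; '
    }
}

$results | Format-List
```

A status of "Block all with exceptions" only confirms the shape of the policy; the reviewer still has to compare the printed allowlist against the sites needed for EMS Gateway data transfer and updates.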

See Also

https://workbench.cisecurity.org/benchmarks/17610

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(3), 800-53|SC-7(4), CSCv7|7.4

Plugin: Windows

Control ID: ff87c9817f3d36999d2f0b6b4e7b53f59fbda8039eef6e0d95a464ea80142e70