6.13 Ensure secure URL filtering is enabled for all security policies allowing traffic to the Internet

Information

Apply a secure URL filtering profile to all security policies permitting traffic to the Internet. The URL Filtering profile may be applied to the security policies directly or through a profile group.
Rationale:
URL Filtering policies dramatically reduce the risk of users visiting malicious or inappropriate websites. In addition, a complete URL history log for all devices is invaluable when performing forensic analysis in the event of a security incident. Applying complete and approved URL filtering to outbound traffic is a frequent requirement in corporate policies, legal requirements or regulatory requirements.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To Set URL Filtering
Navigate to Policies > Security > Security Profiles > URL Filtering
Navigate to Objects > Security Profiles > URL Filtering
Ensure there is a URL Filtering profile set to:
SOURCE: Name: Inside to Outside Zone: INSIDE Address: Any
DESTINATION: Zone: OUTSIDE Address: ANY Application: ANY Service: ANY
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1780

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|7.6

Plugin: Palo_Alto

Control ID: df66adb10544391085d14374c2e7a91be7643cc94e5d7651bbe400da04b8d78d