6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories

Information

Ideally, deciding which URL categories to block, and which to allow, is a joint effort between IT and another entity of authority within an organization, such as the legal department or administration. For most organizations, blocking or requiring an override on the following categories represents a minimum baseline: adult, hacking, malware, phishing, and proxy-avoidance-and-anonymizers.
Rationale:
Certain URL categories pose a technology-centric threat, such as malware, phishing, hacking, and proxy-avoidance-and-anonymizers. Users visiting websites in these categories, many times unintentionally, are at greater risk of compromising the security of their system. Other categories, such as adult, may pose a legal liability.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Navigate to Objects > Security Profiles > URL Filtering.
Set a URL filter so that all URL categories designated by the organization are listed in Block Categories or Override Categories.
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(2), CSCv6|7.6

Plugin: Palo_Alto

Control ID: e6f01160ee87b4dbd9444ac1ba762c69ae7f1a7ff459ff24e4edaf361b2eb6f5