8.1 Ensure 'SSL Forward Proxy Policy' for traffic destined to the Internet is configured - Invalid Categories

Information

Configure SSL Forward Proxy for all traffic destined to the Internet. Include all categories except financial-services and health-and-medicine.
Rationale:
Without SSL inspection, the firewall cannot apply many of its protection features against encrypted traffic. The amount of encrypted malware traffic continues to rise, and legitimate websites using SSL encryption are hacked or tricked into delivering malware on a frequent basis. As encryption on the Internet continues to grow at a rapid rate, SSL inspection is no longer optional as a practical security measure. If proper decryption is not configured, it follows that the majority of traffic is not being fully inspected for malicious content or policy violations. This is a major exposure, allowing delivery of exploits and payloads direct to user desktops.

Solution

Navigate to Policies > Decryption.
Set SSL Forward Proxy for all traffic destined to the Internet. Include all categories except financial-services and health-and-medicine.

Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-7(9), CSCv6|12.5

Plugin: Palo_Alto

Control ID: e51ffd6158e3785e7dd6505fd303dc678a1c0a14d2bfbb129803f954df794854