Information
URL filters should not specify any categories as Allow Categories.
Rationale:
Setting a URL filter to have one or more entries under Allow Categories will cause no log entries to be produced in the URL Filtering logs for access to URLs in those categories. For forensic, legal, and HR purposes, it is advisable to log access to every URL. In many cases failure to log all URL access is a violation of corporate policy, legal requirements or regulatory requirements.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Navigate to Objects > Security Profiles > URL Filtering.
Set the Allow Categories column so that it is blank.
Default Value:
Not Configured