6.13 Ensure secure URL filtering is enabled for all security policies allowing traffic to the Internet

Information

Apply a secure URL filtering profile to all security policies permitting traffic to the Internet. The URL Filtering profile may be applied to the security policies directly or through a profile group.
Rationale:
URL Filtering policies dramatically reduce the risk of users visiting malicious or inappropriate websites. In addition, a complete URL history log for all devices is invaluable when performing forensic analysis in the event of a security incident. Applying complete and approved URL filtering to outbound traffic is a frequent requirement in corporate policies, legal requirements or regulatory requirements.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To Set URL Filtering:
Navigate to Policies > Security > Security Profiles > URL Filtering.
Navigate to Objects > Security Profiles > URL Filtering.
Ensure there is a URL Filtering profile set to:
SOURCE: Name: Inside to Outside Zone: INSIDE Address: Any DESTINATION: Zone: OUTSIDE Address: ANY Application: ANY Service: ANY
Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(4), CSCv6|7.6

Plugin: Palo_Alto

Control ID: 408d7b314e59c39a94853f51515f715516e9e6ad7f9a0955ec3c026c9b80f229