6.13 Ensure secure URL filtering is enabled for all security policies allowing traffic to the Internet

Information

Apply a secure URL filtering profile to all security policies permitting traffic to the Internet. The URL Filtering profile may be applied to the security policies directly or through a profile group.
Rationale:
URL Filtering policies dramatically reduce the risk of users visiting malicious or inappropriate websites. In addition, a complete URL history log for all devices is invaluable when performing forensic analysis in the event of a security incident. Applying complete and approved URL filtering to outbound traffic is a frequent requirement in corporate policies, legal requirements or regulatory requirements.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

To Set URL Filtering:
For each Security Profile that transits traffic to the internet, navigate to Policies > Security > Security Profiles > [Policy Name] > URL Filtering.
Set a URL Filtering profile that complies with the policies of the organization is applied to all Security Policies that transit traffic to the public internet.
Impact:
Not having an effective URL Filtering configuration can leave an organization open to legal action, internal HR issues, non-compliance with regulatory policies or productivity loss.

Default Value:
Not Configured

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: ACCESS CONTROL, CONFIGURATION MANAGEMENT

References: 800-53|AC-4(8), 800-53|CM-6b., CSCv6|7.6, CSCv7|7.4, CSCv7|7.5

Plugin: Palo_Alto

Control ID: 9eb4d91075eeeecc20ea8e0781b29f25da24d755b4eead9921e158eea45410a7