800-53|SC-7(3)

Title

ACCESS POINTS

Description

The organization limits the number of external network connections to the information system.

Supplemental

Limiting the number of external network connections facilitates more comprehensive monitoring of inbound and outbound communications traffic. The Trusted Internet Connection (TIC) initiative is an example of limiting the number of external network connections.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE, HIGH

Audit Items

Name | Plugin | Audit Name
1.1.4.1.8 Ensure 'Navigate URL' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.13 Ensure 'Saved from URL' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled' | Windows | CIS Google Chrome L1 v3.0.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher | Windows | CIS Google Chrome L1 v3.0.0
1.3.2 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | Windows | CIS Microsoft Edge v3.0.0 L1
1.4.2 Verify that the scheduler API service is protected by RBAC | OpenShift | CIS RedHat OpenShift Container Platform v1.6.0 L1
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content' | Windows | CIS Google Chrome L2 v3.0.0
1.25 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled' | Windows | CIS Google Chrome L1 v3.0.0
1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled' | Windows | CIS Google Chrome L1 v3.0.0
1.47 (L2) Ensure 'Allow unconfigured sites to be reloaded in Internet Explorer mode' is set to 'Disabled' | Windows | CIS Microsoft Edge v3.0.0 L2
2.2.1 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | Windows | CIS Google Chrome L1 v3.0.0
2.12 Ensure 'Allow proceeding from the SSL warning page' is set to 'Disabled' | Windows | CIS Google Chrome L2 v3.0.0
2.13 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled' | Windows | CIS Google Chrome L1 v3.0.0
2.15 Ensure 'Force Google SafeSearch' is set to 'Enabled' | Windows | CIS Google Chrome L2 v3.0.0
3.1 Disable Network Prefetch | Windows | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
3.1 Disable Network Prefetch | Unix | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervals | Palo_Alto | CIS Palo Alto Firewall 9 v1.1.0 L1
18.9.47.5.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 DC
18.9.47.5.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Azure Compute Microsoft Windows Server 2019 v1.0.0 L1 MS
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.42.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.42.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.43.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.43.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' | Windows | CIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC
20.12 (L1) Ensure 'Unnecessary websites are blocked' | Windows | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
21.9 (L1) Ensure 'Enable Network Protection' is set to 'Enabled (block mode)' | Windows | CIS Microsoft Intune for Windows 10 v3.0.1 L1
21.9 (L1) Ensure 'Enable Network Protection' is set to 'Enabled (block mode)' | Windows | CIS Microsoft Intune for Windows 11 v3.0.1 L1