Detections
Analytics

CSCv7|7.4

Title

Maintain and Enforce Network-Based URL Filters

Description

Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.

Reference Item Details

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.22 Ensure 'Allow users to proceed from the HTTPS warning page' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v1.0.0
1.1.22 Ensure 'Allow users to proceed from the HTTPS warning page' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v1.0.1
1.1.34 Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Microsoft Edge L1 v1.0.1
1.1.34 Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Microsoft Edge L1 v1.0.0
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higherWindowsCIS Google Chrome L1 v3.0.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Standard Protection' or higherWindowsCIS Google Chrome L1 v2.1.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4 Use Secure Upstream Caching DNS ServersUnixCIS BIND DNS v1.0.0 L2 Caching Only Name Server
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content'WindowsCIS Google Chrome L2 v3.0.0
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content' specifiedWindowsCIS Google Chrome L2 v2.1.0
1.9 Ensure 'Determine the availability of variations' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.9 Ensure 'Determine the availability of variations' is set to 'Enable all variations'WindowsCIS Google Chrome L1 v3.0.0
1.25 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.26 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.28 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.0 L1 Domain Controller
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.0 L1 Member Server
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.43.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG v2.0.0 L1 MS
18.10.43.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS