Enable Botnet C&C domain blocking to block botnet access at the DNS name resolving stage Rationale: Blocking botnet website access at the DNS resolution stage provides an additional layer of defense. NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Review DNS Filter Security Profiles and validate that 'Redirect botnet C&C requests to Block Portal' is enabled and that firewall policies that have DNS traffic have a DNS Filter security profile applied with that option enabled