Interfaces classified as 'WAN' and referenced by a firewall policy should be covered by an IPS sensor that blocks or monitors outgoing connections to botnet sites.
Rationale: Blocking outgoing connections to known botnet sites belongs in a defense-in-depth network design; it limits what an already compromised internal host can reach even after the perimeter has failed to keep the infection out.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Apply an IPS sensor with 'Scan Outgoing Connections to Botnet Sites' set to 'Block' on every firewall policy whose destination interface is a 'WAN' interface, i.e. on all policies carrying traffic out of the network. 'Monitor' only logs the connection and does not satisfy this requirement, and a policy whose destination interface is 'any' also egresses via the WAN interfaces and needs the same sensor.
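Because Nessus does not perform this check, the following added example (not part of the benchmark or of FortiOS) audits a FortiOS configuration backup offline. It assumes the FortiOS CLI keywords used in the constructed sample below: 'set role wan' under 'config system interface', 'set scan-botnet-connections block' under 'config ips sensor', and 'set utm-status enable' plus 'set ips-sensor' on a firewall policy. Any accept policy that egresses to a WAN-role interface (or to 'any') without a sensor in block mode is reported.

```python
"""Audit a FortiOS config backup for WAN-egress policies that lack an IPS
sensor with scan-botnet-connections set to block. Added example, not part
of the benchmark or FortiOS; SAMPLE_CONFIG is a constructed sample."""
import shlex

SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set role wan
    next
    edit "internal"
        set role lan
    next
end
config ips sensor
    edit "default"
        set scan-botnet-connections disable
    next
    edit "wan-egress-botnet"
        set scan-botnet-connections block
    next
end
config firewall policy
    edit 1
        set name "lan-to-wan-ok"
        set dstintf "wan1"
        set action accept
        set utm-status enable
        set ips-sensor "wan-egress-botnet"
    next
    edit 2
        set name "lan-to-wan-no-ips"
        set dstintf "wan1"
        set action accept
    next
    edit 3
        set name "wan-to-internal"
        set dstintf "internal"
        set action accept
    next
    edit 4
        set name "lan-to-any-disabled-sensor"
        set dstintf "any"
        set action accept
        set utm-status enable
        set ips-sensor "default"
    next
end
"""


def parse_config(text):
    """Parse the config/edit/set/next/end structure into
    {section: {entry_id: {key: [values]}}}. Sub-tables nested inside an
    entry are skipped by tracking depth; this check does not need them."""
    sections, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        tokens = shlex.split(raw)
        if not tokens:
            continue
        kw = tokens[0]
        if kw == "config":
            if section is None:
                section = sections.setdefault(" ".join(tokens[1:]), {})
            else:
                depth += 1
        elif kw == "end":
            if depth:
                depth -= 1
            else:
                section = None
        elif depth:
            continue  # inside a nested sub-table of an entry
        elif kw == "edit":
            entry = section.setdefault(tokens[1], {})
        elif kw == "next":
            entry = None
        elif kw == "set" and entry is not None:
            entry[tokens[1]] = tokens[2:]
    return sections


def audit_wan_egress(sections):
    """Return [(policy_id, name, finding)] for accept policies whose dstintf
    is a WAN-role interface (or 'any') that do not enforce botnet blocking."""
    wan = {n for n, c in sections.get("system interface", {}).items()
           if c.get("role") == ["wan"]}
    sensors = sections.get("ips sensor", {})
    findings = []
    for pid, pol in sections.get("firewall policy", {}).items():
        dst = set(pol.get("dstintf", []))
        # FortiOS policies default to deny; only accept policies carry traffic.
        if pol.get("action") != ["accept"] or not (dst & wan or "any" in dst):
            continue
        name = pol.get("name", [""])[0]
        if pol.get("utm-status") != ["enable"] or "ips-sensor" not in pol:
            findings.append((pid, name, "no IPS sensor applied"))
            continue
        sensor = pol["ips-sensor"][0]
        mode = sensors.get(sensor, {}).get("scan-botnet-connections", ["disable"])[0]
        if mode != "block":
            findings.append((pid, name, f"sensor '{sensor}' scan-botnet-connections={mode}"))
    return findings


if __name__ == "__main__":
    for pid, name, why in audit_wan_egress(parse_config(SAMPLE_CONFIG)):
        print(f"policy {pid} ({name}): {why}")
```

Run it against the output of 'show full-configuration' (or a backup file) instead of SAMPLE_CONFIG; on the sample it flags policy 2 (no sensor at all) and policy 4 (a sensor is applied, but its botnet scanning is disabled), while policy 1 passes and policy 3 is ignored because it does not egress to a WAN interface.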