6.1 (L1) Ensure 'Warn when visiting a fraudulent website' is 'Enabled'

Information

Safari can be configured to alert the user that the site they are visiting is known to be malicious. It is recommended that this capability be enabled.

Rationale:

Users will be alerted about known malicious web sites, thus decreasing the probability of a user's browser or system being exploited by known malware or phishing site.

Solution

Follow the below steps to set Warn when visiting a fraudulent website to Enabled:

1. Click Safari.
2. Click Preferences.
3. Click AutoFill.
4. Check the Warn when visiting a fraudulent website checkbox.

To configure the plist follow the below steps:

1. Open the com.apple.Safari.plist.
2. Find the token <key>WarnAboutFraudulentWebsites</key>
3. Ensure this token is immediately followed by <true/>

Default Value:
Enabled.

See Also

https://workbench.cisecurity.org/files/1822

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CSCv6|7

Plugin: Unix

Control ID: 68b2981742207305d7784ca577a6323d5538c107f9a01feba7ce61286187c38b