Information
This setting ensures that all websites except those that are needed to transfer data to/from the EMS Gateway and to receive updates are blocked on the system.
Rationale:
Blocking unnecessary websites on the Elections Management Systems (EMS) Gateway can help mitigate web-based attacks.
Impact:
Users will not be able to access websites that are not on the allowlist.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To establish the recommended configuration via GP, set the following UI paths (for the browser in use) to block all URLs with exceptions.
Microsoft Edge
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Block access to a list of URLs
Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Define a list of allowed URLs
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from Microsoft here.
Google Chrome
Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Google\Google Chrome\Block access to a list of URLs
Computer Configuration\Policies\Administrative Templates\Classic Administrative Templates (ADM)\Google\Google Chrome\Allow access to a list of URLs
Note: This Group Policy path may not exist by default. It is provided by the Group Policy template Chrome.adm that can be downloaded from here.
Default Value:
Microsoft Edge
Block access to a list of URLs - If you don't configure this policy, no URLs are blocked.
Define a list of allowed URLs - If you don't configure this policy, there are no exceptions to the block list in the URLBlocklist policy.
Google Chrome
Block access to a list of URLs - Unknown
Allow access to a list of URLs - Leaving the policy unset allows no exceptions to URLBlocklist.
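Because Nessus does not perform this check, the following added example (not part of the benchmark or of Nessus) shows one way to review the applied policy on the gateway. It assumes the machine-level policy lists are stored under the vendors' documented registry keys `URLBlocklist` and `URLAllowlist`, which this page does not state; the function names are hypothetical.

```powershell
# Added example, not benchmark or Nessus code. Read-only: it only queries the registry.
# Assumption: machine-level browser policies live under the vendors' documented keys.
$PolicyRoots = [ordered]@{
    'Microsoft Edge' = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    'Google Chrome'  = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
}

function Get-PolicyList {
    param([string]$KeyPath)
    # List policies are stored as numbered string values (1, 2, 3, ...) under the key.
    if (-not (Test-Path -LiteralPath $KeyPath)) { return @() }
    $key = Get-Item -LiteralPath $KeyPath
    $key.GetValueNames() | Where-Object { $_ -match '^\d+$' } |
        ForEach-Object { [string]$key.GetValue($_) }
}

function Get-UrlFilterFinding {
    param([string[]]$Blocklist, [string[]]$Allowlist)
    # "Block all with exceptions" needs a "*" block entry plus specific allowed URLs.
    if ($Blocklist -notcontains '*') { return 'FAIL: URLBlocklist has no "*" entry, so not all URLs are blocked' }
    if ($Allowlist -contains '*')    { return 'FAIL: URLAllowlist contains "*", which exempts every URL' }
    if (-not $Allowlist)             { return 'REVIEW: all URLs are blocked and no exceptions are defined' }
    return 'PASS: block all with exceptions; confirm each exception is required'
}

foreach ($browser in $PolicyRoots.Keys) {
    $root  = $PolicyRoots[$browser]
    $block = @(Get-PolicyList "$root\URLBlocklist")
    $allow = @(Get-PolicyList "$root\URLAllowlist")
    [pscustomobject]@{
        Browser   = $browser
        Finding   = if (-not (Test-Path -LiteralPath $root)) {
                        'NOT CONFIGURED: no policy key (browser unmanaged or not installed)'
                    } else {
                        Get-UrlFilterFinding $block $allow
                    }
        Blocklist = $block -join '; '
        Allowlist = $allow -join '; '
    }
}
```

Compare the reported allowlist entries with the sites the EMS Gateway needs for data transfer and updates; anything else should be removed from the policy.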