800-53|SC-7(3)

Title

ACCESS POINTS

Description

The organization limits the number of external network connections to the information system.

Supplemental

Limiting the number of external network connections facilitates more comprehensive monitoring of inbound and outbound communications traffic. The Trusted Internet Connection (TIC) initiative is an example of limiting the number of external network connections.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: BOUNDARY PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Baseline Impact: MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.4.1.8 Ensure 'Navigate URL' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
1.1.4.1.13 Ensure 'Saved from URL' is set to 'Enabled'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Standard Protection' or higherWindowsCIS Google Chrome L1 v2.1.0
1.3.3 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'WindowsCIS Microsoft Edge L1 v2.0.0
1.3.10 Ensure 'Password Profiles' do not existPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
1.4.2 Verify that the scheduler API service is protected by RBACOpenShiftCIS RedHat OpenShift Container Platform 4 v1.5.0 L1
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content' specifiedWindowsCIS Google Chrome L2 v2.1.0
1.26 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.28 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
2.2.1 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'WindowsCIS Google Chrome L1 v2.1.0
2.10 Ensure 'Allow proceeding from the SSL warning page' is set to 'Disabled'WindowsCIS Google Chrome L2 v2.1.0
2.11 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'WindowsCIS Google Chrome L1 v2.1.0
2.14 Ensure 'Force Google SafeSearch' is set to 'Enabled'WindowsCIS Google Chrome L2 v2.1.0
3.1 Disable Network PrefetchUnixCIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
3.1 Disable Network PrefetchWindowsCIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
4.2 Ensure 'Applications and Threats Update Schedule' is set to download and install updates at daily or shorter intervalsPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
6.10 Ensure that access to every URL is loggedPalo_AltoCIS Palo Alto Firewall 10 v1.1.0 L1
6.10 Ensure that URL Filtering uses the action of 'block' or 'override' on the URL categories - override on the URL categoriesPalo_AltoCIS Palo Alto Firewall 9 v1.1.0 L1
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 DC
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Azure Compute Microsoft Windows Server 2022 v1.0.0 L1 MS
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: BlockWindowsCIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
20.12 Ensure 'Unnecessary websites are blocked'WindowsCIS Microsoft Windows 10 EMS Gateway v2.0.0 L1