CSCv7|7.4

Title

Maintain and Enforce Network-Based URL Filters

Description

Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.

Reference Item Details

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.22 Ensure 'Allow users to proceed from the HTTPS warning page' is set to 'Disabled'WindowsCIS Microsoft Edge L2 v1.0.1
1.1.34 Ensure 'Configure the list of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Microsoft Edge L1 v1.0.1
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Standard Protection' or higherWindowsCIS Google Chrome L1 v2.1.0
1.4 Use Secure Upstream Caching DNS ServersUnixCIS BIND DNS v1.0.0 L2 Caching Only Name Server
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content' specifiedWindowsCIS Google Chrome L2 v2.1.0
1.9 Ensure 'Determine the availability of variations' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.26 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
1.28 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'WindowsCIS Google Chrome L1 v2.1.0
18.8.22.1.5 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.8.22.1.5 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.8.22.1.5 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v2.2.0
18.8.22.1.5 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.2.0
18.8.22.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1
18.8.22.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L1 Bitlocker
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L2 v2.2.0
18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Windows Server 2016 DC L2 v1.3.0
18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Microsoft Windows Server 2016 MS L2 v1.3.0
18.8.22.1.7 Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L2 v2.2.0
18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2
18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.0 L2 Bitlocker
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + NG
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG DC L1 v1.0.1
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG MS L1 v1.1.0
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 DC L1 v1.3.0
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1 + BL + NG
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Intune for Windows 10 Release 2004 v1.0.1 L1
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 MS L1 v1.3.0
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG DC L1 v1.1.0
18.9.45.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG MS L1 v1.0.1
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 DC L1 v1.3.0
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + NG
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 MS
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL + NG
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL + NG
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + BL
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v1.12.0 L1 + NG
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1 + BL
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v1.0.0 L1
18.9.47.5.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v1.0.0 L1 DC