CSCv7|7.4

Title

Maintain and Enforce Network-Based URL Filters

Description

Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.

Reference Item Details

Reference: CIS Critical Security Controls v7

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher	Windows	CIS Google Chrome L1 v3.0.0
1.3.10 Ensure 'Password Profiles' do not exist	Palo_Alto	CIS Palo Alto Firewall 10 v1.1.0 L1
1.4 Use Secure Upstream Caching DNS Servers	Unix	CIS BIND DNS v1.0.0 L2 Caching Only Name Server
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content'	Windows	CIS Google Chrome L2 v3.0.0
1.9 Ensure 'Determine the availability of variations' is set to 'Enable all variations'	Windows	CIS Google Chrome L1 v3.0.0
1.25 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'	Windows	CIS Google Chrome L1 v3.0.0
18.8.22.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L1
18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'	Windows	CIS Microsoft Windows 8.1 v2.4.1 L2
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
18.9.20.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled' - Enabled	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + BL
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 10 v2.0.0 L1 + NG
18.10.43.4.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Intune for Windows 11 v2.0.0 L1 + BL + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 10 EMS Gateway v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1 + BL + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 10 Enterprise v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'	Windows	CIS Microsoft Windows 11 Enterprise v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 MS
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2016 MS L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2016 DC L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1 + BL
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2019 MS L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2019 DC L1 v2.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1 + BL + NG
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows 10 Stand-alone v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2022 v2.0.0 L1 DC
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows 11 Stand-alone v2.0.0 L1
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2019 Standalone DC L1 vCIS Microsoft Windows Server 2019 Standalone DC L1 v1.0.0
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block' - Enabled: Block	Windows	CIS Microsoft Windows Server 2019 MS Standalone L1 v1.0.0

Detections

Analytics

CSCv7|7.4

Title

Description

Reference Item Details

Audit Items