CSCv7|7.4

Title

Maintain and Enforce Network-Based URL Filters

Description

Enforce network-based URL filters that limit a system's ability to connect to websites not approved by the organization. This filtering shall be enforced for each of the organization's systems, whether they are physically at an organization's facilities or not.

Reference Item Details

Category: Email and Web Browser Protections

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.39 (L1) Ensure 'Network Prediction' is set to 'Disabled'WindowsCIS Mozilla Firefox ESR GPO v1.0.0 L1
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higherWindowsCIS Google Chrome L1 v3.0.0
1.4 Use Secure Upstream Caching DNS ServersUnixCIS BIND DNS v1.0.0 L2 Caching Only Name Server
1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content'WindowsCIS Google Chrome L2 v3.0.0
1.9 Ensure 'Determine the availability of variations' is set to 'Enable all variations'WindowsCIS Google Chrome L1 v3.0.0
1.25 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'WindowsCIS Google Chrome L1 v3.0.0
18.8.22.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker
18.8.22.1.6 Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L1
18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2
18.8.22.1.8 (L2) Ensure 'Turn off Registration if URL connection is referring to Microsoft.com' is set to 'Enabled'WindowsCIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.9.20.1.6 (L1) Ensure 'Turn off Internet download for Web publishing and online ordering wizards' is set to 'Enabled'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Member Server
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + BL + NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 Stand-alone v2.0.0 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 v3.0.1 L1 DC
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 v3.0.0 L1 MS
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 v3.0.0 L1 Domain Controller
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Enterprise v3.0.0 L1 + BL
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 11 Stand-alone v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 EMS Gateway v3.0.0 L1
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Stand-alone v3.0.0 L1 NG
18.10.42.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows 10 Enterprise v3.0.0 L1 + NG
18.10.42.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 MS
18.10.42.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2016 STIG v3.0.0 L1 Domain Controller
18.10.43.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 DC
18.10.43.6.3.1 (L1) Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2019 STIG v2.0.0 L1 MS
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 MS
18.10.43.6.3.1 Ensure 'Prevent users and apps from accessing dangerous websites' is set to 'Enabled: Block'WindowsCIS Microsoft Windows Server 2022 STIG v1.0.0 L1 DC