The Department of Homeland Security states that web content filtering (WCF) provides protection at the application layer for web traffic by blocking access to suspicious websites, preventing malware from running on systems and networks, and detecting and blocking phishing attempts as well as malicious web content. Sites that are new, not categorized, or have not been reviewed by an accredited WCF service pose an increased risk to organizations and their networks. (Source)
- Standards
- Implementation / Use Cases
- Industry Best Practices
- Example Tools / Policies
- CMMC Readiness
This publication provides recommendations for securing BYOD devices used for telework and remote access, as well as those directly attached to the enterprise’s own networks. NIST resource that defines the requirements for boundary protection.
This article from Cloudflare gives the reader a high level overview of URL filtering. Web Content Filtering (WCF) provides protection at the application layer for web traffic by blocking access to suspicious websites, preventing malware from running on systems and networks, and detecting and blocking phishing attempts as well as malicious web content.
Microsoft Entra Internet Access's first Secure Web Gateway (SWG) features include web content filtering based on domain names. Microsoft integrates granular filtering policies with Microsoft Entra ID and Microsoft Entra Conditional Access, which results in filtering policies that are user-aware, context-aware, and easy to manage. This website provides information on how to configure policies across your device groups to block certain website categories using Microsoft Defender This technical article from PaloAlto provides some best practices to show you how to reduce your exposure to web-based threats, without limiting user access to web resources that they need.
Barracuda Web Security Gateway lets organizations benefit from online applications and tools without exposure to web-borne malware and viruses, lost user productivity, and misused bandwidth. Meraki is a Cisco Conent Filtering product that allows you to block certain websites based on your organizational policies. Web content filtering is critical for protecting networks and users against web-based threats, objectionable internet content, and distracting website. This is a potential solution provided by CurrentWave A list of web content filtering solutions provided by Expert Insights. This site provides a listing of Web Content Filtering solutions. WCF solutions comprise appliances and software for censoring or preventing access to restricted web content deemed offensive or inappropriate.
CMMC Assessment Guides
This document provides self-assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 1. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 2. This document provides assessment guidance for conducting Cybersecurity Maturity Model Certification (CMMC) assessments for Level 3. The purpose of this publication is to provide procedures for assessing the CUI requirements in NIST Special Publication 800-171.