CMMC Practice SC.4.229
Utilize a URL categorization service and implement techniques to enforce URL filtering of websites that are not approved by the organization.
Bold Coast Security Guidance
Devise a policy for what websites you will filter, either using an internal proxy server server or a cloud based DNS filtering service. The decision to allow or block certain services should be reached with management and human resources. In addition to blocking standard categories such as violence, pornorgraphy, gambling and hacking tools, the organization should also consider file sharing sites, social media, and personal web-based email. You may also wish to create an exception approval process for certain users.
Utilize you security plan to identify the tools used to filter the traffic, the person responsible for maintaining the tool, and any costs associated with it. To measure its effectiveness, be sure to test visiting sites from time to time to ensure its still working as expected.
Typically a high percentage of an organization’s internet traffic is web-based. Web-based information and services is access through a Uniform Resource Locator (URL). Information regarding the provenance and purpose of a URL can be used to restrict access for policy or security concerns.