Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook

Detecting and blocking access to dangerous websites


The organization must identify the types of websites that staff should and should not have access to.

The organization must consider blocking access to the following types of sites (either automatically or by other means):

  • websites with a file upload function, unless this is permitted for a specific business need
  • known or suspected malicious websites (e.g. distributing malware or containing phishing content)
  • command and control servers
  • websites distributing illegal content
Connected other frameworks and requirements:
12.2: Protection from malware
ISO 27001
12.2.1: Controls against malware
ISO 27001
8.7: Protection against malware
ISO 27001
8.23: Web filtering
ISO 27001
No items found.