ISO27001 A.8.23
ISO/IEC 27001:2022 Information Security Management
AL, Founder at SQUR · last verified 2026-06-19
Regulation text
Access to external websites shall be managed to reduce exposure to malicious content. Theme: Technological controls. (Full guidance: ISO/IEC 27002:2022 §8.23.)
ATT&CK techniques this article tests · 15
| Technique | Why it maps | Confidence |
|---|---|---|
| | This control directly addresses drive-by compromise by managing access to external websites, preventing users from inadvertently visiting malicious sites that host exploit kits or deliver malware. ISO27001 A.8.23 aims to reduce exposure to such content. | 90% |
| | Phishing often involves malicious links leading to external websites. Managing access to these sites, as per ISO27001 A.8.23, can block access to phishing pages or sites hosting malicious payloads, thereby reducing the success rate of phishing attempts. | 80% |
| T1204.001 | The control directly mitigates user execution via malicious links by managing access to external websites. Blocking known malicious sites or filtering content prevents users from clicking links that initiate malware downloads or execution, as specified in ISO27001 A.8.23. | 90% |
| T1071.001 | Command and Control often uses web protocols (HTTP/HTTPS) to communicate with external servers. Managing access to external websites, as per ISO27001 A.8.23, can block C2 channels by preventing connections to known malicious domains or filtering suspicious web traffic. | 90% |
| | Exfiltration over C2 channels frequently involves data transfer to external websites. ISO27001 A.8.23, by managing access to external websites, can detect and block unauthorized outbound connections to attacker-controlled sites, preventing data exfiltration. | 80% |
| | This technique involves exfiltrating data to external web services. ISO27001 A.8.23 directly addresses this by managing and restricting access to external websites, preventing unauthorized data uploads or transfers to attacker-controlled web services. | 90% |
| | Malicious content on external websites often employs obfuscation to evade detection. Managing access to these websites, as per ISO27001 A.8.23, can involve content filtering that identifies and blocks obfuscated malicious code before it reaches endpoints. | 70% |
| | Malware delivered via external websites can collect data from local systems. By managing access to malicious websites, ISO27001 A.8.23 reduces the likelihood of such malware gaining a foothold and performing data collection. | 70% |
| | Malware originating from external websites may perform system network configuration discovery. ISO27001 A.8.23, by preventing initial compromise from malicious websites, indirectly limits the ability of attackers to execute discovery techniques. | 60% |
| | Exploitation for privilege escalation can sometimes occur through vulnerabilities in web browsers or plugins, triggered by malicious web content. Managing access to external websites, as per ISO27001 A.8.23, reduces exposure to such exploits. | 60% |
| T1547.001 | Malware downloaded from malicious external websites can establish persistence via registry run keys. ISO27001 A.8.23, by preventing the initial download, reduces the risk of this persistence mechanism being deployed. | 60% |
| T1003.001 | Credential dumping can be performed by malware introduced through malicious websites. ISO27001 A.8.23, by limiting exposure to such sites, reduces the attack surface for credential theft. | 60% |
| T1021.001 | While not direct, initial compromise via malicious websites can lead to lateral movement using remote services. ISO27001 A.8.23 reduces the initial attack vector, thereby indirectly impacting subsequent lateral movement attempts. | 50% |
| | Malware from external websites can inhibit system recovery (e.g., ransomware). ISO27001 A.8.23, by preventing the initial infection from malicious web content, reduces the risk of such impact techniques. | 50% |
| T1071.004 | DNS can be used for C2, often initiated by malware from external websites. Managing access to external websites, as per ISO27001 A.8.23, can include DNS filtering to block resolutions for known malicious domains, disrupting C2. | 70% |
Defending mitigations · 7
| Mitigation | What it does | Confidence |
|---|---|---|
| M1037 | Filtering network traffic, specifically web traffic, directly implements ISO27001 A.8.23 by blocking access to known malicious external websites and content, thereby reducing exposure to threats. This is the primary defensive mechanism behind the control. | 95% |
| M1056 | Restricting web-based content is a direct application of ISO27001 A.8.23. This mitigation involves implementing web content filtering and proxy services to prevent access to malicious or unauthorized external websites, fulfilling the control's objective. | 95% |
| M1017 | User training on safe web browsing practices and identifying malicious content is crucial for ISO27001 A.8.23. Educated users are less likely to click malicious links or visit dangerous external websites, complementing technical controls. | 85% |
| M1031 | Network intrusion prevention systems can detect and block malicious web traffic, including exploits and malware downloads from external websites. This directly supports ISO27001 A.8.23 by reducing exposure to malicious content. | 80% |
| M1035 | Network segmentation can limit the impact of a compromise originating from malicious web content. If a system is compromised via an external website, segmentation can restrict lateral movement, aligning with the risk reduction goal of ISO27001 A.8.23. | 70% |
| M1040 | Disabling or removing unnecessary browser features or plugins reduces the attack surface that malicious external websites can exploit. This proactive measure supports ISO27001 A.8.23 by minimizing potential vectors for malicious content. | 75% |
| M1047 | Auditing and monitoring web access logs can identify attempts to access malicious external websites or suspicious data transfers, providing detection capabilities that complement the preventative measures of ISO27001 A.8.23. | 70% |
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-79 | Improper neutralization of input during web page generation (XSS) on external websites can lead to malicious content execution. ISO27001 A.8.23 aims to prevent access to such compromised or malicious sites, mitigating this weakness. | 80% |
| CWE-601 | URL redirection to untrusted sites can lead users to malicious external websites. ISO27001 A.8.23 directly addresses this by managing and filtering access to external websites, preventing redirection to dangerous domains. | 80% |
| CWE-434 | Unrestricted upload of files with dangerous types on external websites can host malware. ISO27001 A.8.23, by controlling access to such sites, reduces the risk of users encountering or downloading these malicious files. | 70% |
| CWE-20 | Improper input validation on external websites can lead to various vulnerabilities that attackers exploit to deliver malicious content. ISO27001 A.8.23 mitigates the risk by limiting exposure to sites with such weaknesses. | 60% |
| CWE-295 | Improper certificate validation can allow connections to malicious external websites masquerading as legitimate ones. ISO27001 A.8.23 implies controls to ensure secure connections and validate website authenticity, reducing this exposure. | 70% |
| CWE-119 | Improper restriction of operations within memory buffers (buffer overflows) in web browsers can be exploited by malicious external websites. ISO27001 A.8.23 reduces exposure to sites designed to exploit such client-side weaknesses. | 60% |
| CWE-120 | Buffer copy without checking input size (classic buffer overflow) in web browsers or plugins can be triggered by malicious web content. ISO27001 A.8.23 helps prevent access to external websites that leverage these vulnerabilities. | 60% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0219 compute · voice-rubric self-validated