ISO 27002:2022 introduces several new information security controls including A8.23 – Web filtering
This blog takes a brief look at what is required.
Web filtering in ISO 27002:2022
The new control id 8.23 – Web filtering has been added to ISO/IEC 27002:2022 to protect systems from being compromised by malware and to prevent access to unauthorised web resources.
The control is regarding Access to external websites which should be managed to reduce exposure to malicious content.
How to Evidence A8.23 of ISO 27002:2022
Organisations can evidence control A8.23 in several ways, including:
- establishing soft and/or technical policies for the use of online resources which may include restricting access to undesirable or inappropriate websites and web-based applications.
- a web filtering policy which may include an allow-list of acceptable websites or domains or a prohibited-list of websites or domains.
Implement A8.23 – Web filtering
While it may be relatively easy to implement Web filtering on a single corporate network, via a firewall device, it becomes more challenging where staff work remotely and connect via home routers.
In this case organisation’s might consider a mobile device management (MDM) tool which would bring additional benefits.
If you need assistance with control A8.23, Assent’s ISO 27002 Consultants can help.