UnixTime

Research Note

A.8.23 Audit Checklist

Use this checklist during an internal audit of web filtering policy, tool configuration, coverage, exceptions, bypass resistance, monitoring, and awareness.

On this page

When to use this

Use this checklist during an internal audit of web filtering policy, tool configuration, coverage, exceptions, bypass resistance, monitoring, and awareness.

Audit checklist

  • Review web filtering policy.
  • Compare policy to category/rule configuration.
  • Review coverage for users, devices, and remote access.
  • Review exception and false-positive handling.
  • Verify users cannot manually bypass filtering.
  • Review alerts for malicious or command-and-control destinations.
  • Check alert escalation into monitoring or incident response.
  • Review periodic effectiveness reviews.
  • Interview users on what filtering exists and why.

Findings table

Filtering area Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD
  • Template
  • Audit
  • Iso27001
  • A8 23

Note Metadata

Aliases: A.8.23 Web Filtering Audit Checklist

Source: 90 Templates/A.8.23 Audit Checklist.md

Graph-sourced resources

Templates and evidence

Auditor evidence packs

Evidence collections and audit-facing verification material.