Web browsers block web ads from the internet
Ensure web browsers do not display internet ads to prevent potential security risks.
🏛️ Framework
ASD Essential Eight
🧭 Control effect
Proactive
🛠️ E8 mitigation strategy
Application hardening
🔐 Classifications
N/A
🗓️ Official last update
N/A
✏️ Control Stack last updated
19 Mar 2026
🎯 E8 maturity levels
ML1
Web browsers do not process web advertisements from the internet.
Source: ASD Essential Eight
Plain language
This control is about making sure your web browsers block internet advertisements. It matters because some ads can sneak nasty software onto your computer, which might steal your information or cause other trouble. Stopping ads helps keep your computer and data safe.
Why it matters
If browsers process internet ads, malvertising can deliver malware or credential theft via ad networks, leading to compromise and data loss.
Operational notes
Enforce browser policies or approved ad-blocking extensions to block internet ads, and regularly test updates so ads are not processed.
Implementation tips
- IT team should install ad blocker extensions on all company web browsers. This can be done by selecting a reputable ad blocker from the browser's extension store and installing it on each browser used by the organisation.
- System administrator should configure web content filtering to block advertisements on the network. This can be achieved by setting up filters on the network's firewall or router to block ad-serving domains.
- IT manager should ensure users cannot disable ad blockers in their browsers. This can be done by applying browser settings through group policy that prevent changes to the extension settings.
- IT support should provide training to all staff on why blocking ads is important. This can be done through a short online session explaining the risks of 'malvertising' and how it can affect them.
Audit / evidence tips
-
Ask: How are web advertisements blocked in the organisation's web browsers?
-
Good: All web browsers have a verified ad blocker extension installed that is active
-
Ask: What measures are in place to prevent users from disabling ad blockers?
-
Good: Policies are in place that lock ad blocker settings so users cannot change or disable them
Cross-framework mappings
How E8-AH-ML1.3 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Related (1) | ||
| Annex A 8.7 | Annex A 8.7 requires organisations to implement measures that protect against malware and to support them with user awareness | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | ||
| ISM-0963 | E8-AH-ML1.3 requires preventing web browsers from processing internet-served advertisements | |
| Supports (1) | ||
| ISM-0958 | E8-AH-ML1.3 requires that browsers do not process advertisements sourced from the internet | |
| Related (1) | ||
| ISM-1485 | E8-AH-ML1.3 requires that web browsers do not process web advertisements from the internet to reduce exposure to malvertising and ad-deli... | |