Web browsers block web ads from the internet
Ensure web browsers do not display internet ads to prevent potential security risks.
Plain language
This control is about making sure your web browsers block internet advertisements. It matters because some ads can sneak nasty software onto your computer, which might steal your information or cause other trouble. Stopping ads helps keep your computer and data safe.
Framework
ASD Essential Eight
Control effect
Proactive
E8 mitigation strategy
Application hardening
Classifications
N/A
Official last update
N/A
Control Stack last updated
19 Mar 2026
E8 maturity levels
ML1
Official control statement
Web browsers do not process web advertisements from the internet.
Why it matters
If browsers process internet ads, malvertising can deliver malware or credential theft via ad networks, leading to compromise and data loss.
Operational notes
Enforce browser policies or approved ad-blocking extensions to block internet ads, and regularly test updates so ads are not processed.
Implementation tips
- IT team should install ad blocker extensions on all company web browsers. This can be done by selecting a reputable ad blocker from the browser's extension store and installing it on each browser used by the organisation.
- System administrator should configure web content filtering to block advertisements on the network. This can be achieved by setting up filters on the network's firewall or router to block ad-serving domains.
- IT manager should ensure users cannot disable ad blockers in their browsers. This can be done by applying browser settings through group policy that prevent changes to the extension settings.
- IT support should provide training to all staff on why blocking ads is important. This can be done through a short online session explaining the risks of 'malvertising' and how it can affect them.
Audit / evidence tips
- AskHow are web advertisements blocked in the organisation's web browsers?
- GoodAll web browsers have a verified ad blocker extension installed that is active
- AskWhat measures are in place to prevent users from disabling ad blockers?
- GoodPolicies are in place that lock ad blocker settings so users cannot change or disable them
Cross-framework mappings
How E8-AH-ML1.3 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| link Related (1) expand_less | ||
| Annex A 8.7 | Annex A 8.7 requires organisations to implement measures that protect against malware and to support them with user awareness | |
ASD ISM
| Control | Notes | Details |
|---|---|---|
| layers Partially meets (1) expand_less | ||
| ISM-0963 | E8-AH-ML1.3 requires preventing web browsers from processing internet-served advertisements | |
| handshake Supports (1) expand_less | ||
| ISM-0958 | E8-AH-ML1.3 requires that browsers do not process advertisements sourced from the internet | |
| link Related (1) expand_less | ||
| ISM-1485 | E8-AH-ML1.3 requires that web browsers do not process web advertisements from the internet to reduce exposure to malvertising and ad-deli... | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.