Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If RemoteAccessHostFirewallTraversal is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows registry: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the RemoteAccessHostFirewallTraversal value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative\Templates\Google\Google Chrome\Remote Access Policy Name: Enable firewall traversal from remote access host Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If DefaultGeolocationSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DefaultGeolocationSetting value name does not exist or its value data is not set to 2, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\ Policy Name: Default geolocation setting Policy State: Enabled Policy Value: Do not allow any site to track the users' physical location
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If DefaultPopupsSetting is not displayed under the Policy Name column or it is not set to 2, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the value name DefaultPopupsSetting does not exist or its value data is not set to 2, then this is a finding. Note: If AO Approved exceptions to this rule have been enabled, this is not a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\ Policy Name: Default popups setting Policy State: Enabled Policy Value: Do not allow any site to show popups
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If ExtensionInstallBlocklist is not displayed under the Policy Name column or it is not set to * under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ExtensionInstallBlocklist 3. If the a registry value name of 1 does not exist under that key or its value is not set to *, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ Policy Name: Configure extension installation blocklist Policy State: Enabled Policy Value: *
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If ExtensionInstallAllowlist is not displayed under the Policy Name column or it is not set to oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator approved extension IDs, then this is a finding. Windows method: 1. Start regedit 2. Navigate to the key HKLM\Software\Policies\Google\Chrome\ExtensionInstallAllowlist 3. If the ExtensionInstallAllowlist key is not set to 1 and oiigbmnaadbkfbmpbfijlflahbdbdgdf or a list of administrator-approved extension IDs, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Extensions\ Policy Name: Configure extension installation allowlist Policy State: Enabled Policy Value: oiigbmnaadbkfbmpbfijlflahbdbdgdf Note: oiigbmnaadbkfbmpbfijlflahbdbdgdfis the extension ID for scriptno (a commonly used Chrome extension), other extension IDs may vary.
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If DefaultSearchProviderName is displayed under the Policy Name column or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted) under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DefaultSearchProviderName value name does not exist or it is not set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted), then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\ Policy Name: Default search provider name Policy State: Enabled Policy Value: set to an organization approved encrypted search provider that corresponds to the encrypted search provider set in DTBC-0008(ex. Google Encrypted, Bing Encrypted)
If the system is on the SIPRNet, this requirement is NA. Universal method: 1. In the omnibox (address bar) type chrome://policy. 2. If DefaultSearchProviderSearchURL is not displayed under the Policy Name column or it is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ) under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\. 3. If the DefaultSearchProviderSearchURL value name does not exist or its value data is not set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} ), this is a finding.
If the system is on the SIPRNet, this requirement is NA. Windows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\. - Policy Name: Default search provider search URL - Policy State: Enabled - Policy Value: Must be set to an organization-approved encrypted search string (ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} )
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If DefaultSearchProviderEnabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DefaultSearchProviderEnabled value name does not exist or its value data is not set to 1, then this is a finding. Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Default search provider\ Policy Name: Enable the default search provider Policy State: Enabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If PasswordManagerEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the PasswordManagerEnabled value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Password Manager\ Policy Name: Enable Saving Passwords to the Password Manager Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If BackgroundModeEnabled is not displayed under the Policy Name column and it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the BackgroundModeEnabled value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Continue running background apps when Google Chrome is closed Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If SyncDisabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the SyncDisabled value name does not exist or its value data is not set to 1, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Disable synchronization of data with Google Policy State: Enabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy. 2. If URLBlocklist is not displayed under the Policy Name column or it is not set to javascript://* under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\URLBlocklist. 3. If the URLBlocklist key does not exist, or the does not contain entries 1 set to javascript://*, this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Block access to a list of URLs. - Policy State: Enabled - Policy Value 1: javascript://*
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If CloudPrintProxyEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the CloudPrintProxyEnabled value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Printing Policy Name: Enable Google Cloud Print proxy Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "NetworkPredictionOptions" is not displayed under the “Policy Name” column or it is not set to "2" under the “Policy Value” column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "NetworkPredictionOptions" value name does not exist or its value data is not set to "2," this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable network prediction Policy State: Enabled Policy Value: Do not predict network actions on any network connection
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If MetricsReportingEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the MetricsReportingEnabled value name does not exist or its value data is not set to 0, then this is a finding. Note: This policy will only display in the chrome://policy tab on domain joined systems. On standalone systems, the policy will not display.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable reporting of usage and crash-related data Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If SearchSuggestEnabled is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the SearchSuggestEnabled value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable search suggestions Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If ImportSavedPasswords is not displayed under the Policy Name column or it is not set to false under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the ImportSavedPasswords value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Import saved passwords from default browser on first run Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If IncognitoModeAvailability is not displayed under the Policy Name column or it is not set to 1 under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the IncognitoModeAvailability value name does not exist or its value data is not set to 1, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Incognito mode availability Policy State: Enabled Policy Value: Incognito mode disabled
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If EnableOnlineRevocationChecks is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the EnableOnlineRevocationChecks value name does not exist or its value data is not set to 1, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable online OCSP/CRL checks Policy State: Enabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If SafeBrowsingProtectionLevel is not displayed under the Policy Name column or it is not set to 1 or 2 under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the SafeBrowsingProtectionLevel value name does not exist or its value data is not set to 1 or 2, then this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Safe Browsing Settings Policy Name: Safe Browsing Protection Level Policy State: Enabled Policy Value: "(1) Safe Browsing is active in the standard mode", or "(2) Safe Browsing is active in the enhanced mode. This mode provides better security, but requires sharing more browsing information with Google".
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If the policy 'SavingBrowserHistoryDisabled' is not shown or is not set to false, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the SavingBrowserHistoryDisabled value name does not exist or its value data is not set to 0, then this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Disable saving browser history Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://settings/help 2. Cross-reference the build information displayed with the Google Chrome site to identify, at minimum, the oldest supported build available. As of July 2019, this is 74.x.x. 3. If the installed version of Chrome is not supported by Google, this is a finding.
Install a supported version of Google Chrome.
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If the policy "AllowDeletingBrowserHistory" is not shown or is not set to false, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "AllowDeletingBrowserHistory" value name does not exist or its value data is not set to "0", this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable deleting browser and download history Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome:// policy 2. If "PromptForDownloadLocation" is not displayed under the "Policy Name" column or it is not set to "true" under the "Policy Value" column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "PromptForDownloadLocation" value name does not exist or its value data is not set to "1", this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Ask where to save each file before downloading Policy State: Enabled Policy Value: N/A
If the system is on the SIPRNet, this requirement is NA. Universal method: 1. In the omnibox (address bar) type chrome:// policy 2. If "DownloadRestrictions" is not displayed under the "Policy Name" column or it is not set to "1" or "2" under the "Policy Value" column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "DownloadRestrictions" value name does not exist or its value data is not set to "1" or "2", then this is a finding.
If the system is on the SIPRNet, this requirement is NA. Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Allow download restrictions Policy State: 1 or 2 Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "SafeBrowsingExtendedReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "SafeBrowsingExtendedReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Safe Browsing settings\ Policy Name: Enable Safe Browsing Extended Reporting Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "DefaultWebUsbGuardSetting" is not displayed under the "Policy Name" column or it is not set to "2", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "DefaultWebUsbGuardSetting" value name does not exist or its value data is not set to "2", this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings Policy Name: Control use of the WebUSB API Policy State: Enabled Policy Value: 2
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "ChromeCleanupEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "ChromeCleanupEnabled" value name does not exist or its value data is not set to "0", this is a finding.
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome Policy Name: Enable Chrome Cleanup on Windows Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "ChromeCleanupReportingEnabled" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "ChromeCleanupReportingEnabled" value name does not exist or its value data is not set to "0", this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome Policy Name: Control how Chrome Cleanup reports data to Google Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "EnableMediaRouter" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "EnableMediaRouter" value name does not exist or its value data is not set to "0", this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Google Cast Policy Name: Enable Google Cast Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "AutoplayAllowed" is not displayed under the "Policy Name" column or it is not set to "False", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "AutoplayAllowed" value name does not exist or its value data is not set to "0", this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Allow media autoplay Policy State: Disabled Policy Value: N/A
Universal method: 1. In the omnibox (address bar), type chrome://policy. 2. If “AutoplayAllowlist” under the “Policy Name” column may be set to a list of administrator-approved URLs under the “Policy Value” column. This requirement is optional. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the “AutoplayAllowlist” key may contain a list of administrator-approved URLs. This requirement is optional.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome - Policy Name: Allow media autoplay on a allowlist of URL patterns. - Policy State: Enabled - Policy Value 1: [*.]mil - Policy Value 2: [*.]gov Note: Policy values are examples.
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "UrlKeyedAnonymizedDataCollectionEnabled" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the “UrlKeyedAnonymizedDataCollectionEnabled" value name does not exist or its value data is not set to "0," this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable URL-keyed anonymized data collection Policy State: Disabled Policy Value: NA
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "WebRtcEventLogCollectionAllowed" is not displayed under the “Policy Name” column or it is not set to "0" under the “Policy Value” column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "WebRtcEventLogCollectionAllowed" value name does not exist or its value data is not set to "0," this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Allow collection of WebRTC event logs from Google services Policy State: Disabled Policy Value: NA
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If the policy "DeveloperToolsAvailability" is not shown or is not set to "2", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the key "DeveloperToolsAvailability" does not exist or is not set to "2", this is a finding.
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome Policy Name: Control where Developer Tools can be used Policy State: Enabled Policy Value: Disallow usage of the Developer Tools
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If BrowserGuestModeEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the BrowserGuestModeEnabled value name does not exist or its value data is not set to 0, this is a finding.
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable guest mode in browser Policy State: Disabled
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If AutofillCreditCardEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the AutofillCreditCardEnabled value name does not exist or its value data is not set to 0, this is a finding.
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable AutoFill for credit cards Policy State: Disabled
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If AutofillAddressEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the AutofillAddressEnabled value name does not exist or its value data is not set to 0, this is a finding.
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable AutoFill for addresses Policy State: Disabled
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If ImportAutofillFormData is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the ImportAutofillFormData value name does not exist or its value data is not set to 0, this is a finding.
Windows group policy: 1. Open the "group policy editor" tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Import autofill form data from default browser on first run Policy State: Disabled
Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If DefaultWebBluetoothGuardSetting is not displayed under the Policy Name column or it is not set to 2 under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DefaultWebBluetoothGuardSetting value name does not exist or its value data is not set to 2, then this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings Policy Name: Control use of the Web Bluetooth API Policy State: Enabled Policy Value: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API
Universal method: 1. In the omnibox (address bar), type chrome://policy. 2. If QuicAllowed is not displayed under the Policy Name column or it is not set to False under the Policy Value column, this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\. 3. If the QuicAllowed value name does not exist or its value data is not set to 0, this is a finding.
Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google Chrome. - Policy Name: Allow QUIC protocol - Policy State: Disabled - Policy Value: N/A
Universal method: 1. In the omnibox (address bar), type chrome://policy 2. If the policy "DefaultCookiesSetting" is not shown or is not set to "4", this is a finding. Windows method: 1. Start regedit. 2. Navigate to HKLM\Software\Policies\Google\Chrome\DefaultCookiesSetting. 3. If this key does not exist, or is not set to "4", this is a finding.
Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings. - Policy Name: Default cookies setting - Policy State: Enabled - Policy Value: Keep cookies for the duration of the session