Google Chrome Current Windows Security Technical Implementation Guide


Overview

Date Finding Count (44)
2020-09-22 CAT I (High): 1 CAT II (Med): 42 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-221568 High The running of outdated plugins must be disabled.
V-221574 Medium Network prediction must be disabled.
V-221575 Medium Metrics reporting to Google must be disabled.
V-221576 Medium Search suggestions must be disabled.
V-221577 Medium Importing of saved passwords must be disabled.
V-221570 Medium Background processing must be disabled.
V-221571 Medium Google Data Synchronization must be disabled.
V-221572 Medium The URL protocol schema javascript must be disabled.
V-221573 Medium Cloud print sharing must be disabled.
V-221578 Medium Incognito mode must be disabled.
V-221579 Medium Online revocation checks must be done.
V-221589 Medium Chrome must be configured to allow only TLS.
V-221588 Medium Download restrictions must be configured.
V-221581 Medium Browser history must be saved.
V-221580 Medium Safe Browsing must be enabled,
V-221583 Medium Session only based cookies must be disabled.
V-221582 Medium Default behavior must block webpages from automatically running plugins.
V-221585 Medium URLs must be whitelisted for plugin use
V-221584 Medium The version of Google Chrome running on the system must be a supported version.
V-221587 Medium Prompt for download location must be enabled.
V-221586 Medium Deletion of browser history must be disabled.
V-221559 Medium Site tracking users location must be disabled.
V-221567 Medium The Password Manager must be disabled.
V-221566 Medium Default search provider must be enabled.
V-221565 Medium The default search provider URL must be set to perform encrypted searches.
V-221564 Medium The default search providers name must be set.
V-221563 Medium Extensions that are approved for use must be whitelisted.
V-221562 Medium Extensions installation must be blacklisted by default.
V-221561 Medium Sites ability to show pop-ups must be disabled.
V-226404 Medium Import AutoFill form data must be disabled.
V-226401 Medium Guest Mode must be disabled.
V-221558 Medium Firewall traversal from remote host must be disabled.
V-226403 Medium AutoFill for addresses must be disabled.
V-226402 Medium AutoFill for credit cards must be disabled.
V-221596 Medium URLs must be whitelisted for Autoplay use.
V-221597 Medium Anonymized data collection must be disabled.
V-221594 Medium Google Cast must be disabled.
V-221595 Medium Autoplay must be disabled.
V-221592 Medium Chrome Cleanup must be disabled.
V-221593 Medium Chrome Cleanup reporting must be disabled.
V-221590 Medium Safe Browsing Extended Reporting must be disabled.
V-221591 Medium WebUSB must be disabled.
V-221598 Medium Collection of WebRTC event logs must be disabled.
V-221599 Low Chrome development tools must be disabled.