| 2.2.1 (L1) Ensure 'Allow clipboard for these sites' Is Configured | CONFIGURATION MANAGEMENT |
| 2.2.2 (L1) Ensure 'Block clipboard on these sites' Is Configured | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.3 (L1) Ensure 'Default clipboard setting' Is 'Enabled' to 'Deny Permissions' | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.6 (L1) Ensure 'Default geolocation setting' is set to 'Enabled: Do not allow any site to track the users' physical location' | AUDIT AND ACCOUNTABILITY |
| 2.2.7 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.12 (L1) Ensure 'Default third-party storage partitioning setting' Is 'Enabled: Disable third-party storage partitioning.' | ACCESS CONTROL |
| 2.2.18 (L1) Ensure 'Allow local file access to file:// URLs on these sites in the PDF Viewer' Is Disabled | ACCESS CONTROL |
| 2.3.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 (L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3 (L1) Ensure 'Configure extension installation blocklist' is set to 'Enabled: *' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.6 (L1) Ensure 'Control availability of extensions unpublished on the Chrome Web Store' Is Disabled | RISK ASSESSMENT |
| 2.4.1 Ensure 'Settings for DevTools Generative AI Features' Is Set to 'Enabled:Allow DevTools Generative AI Features without improving AI models' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.4.2 Ensure 'Settings for Help Me Write' Is Set to 'Enabled:Allow help me write without improving AI models' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.4.3 Ensure 'Settings for AI-powered History Search' Is Set to 'Enabled:Allow AI history search without improving AI models' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.4.4 Ensure 'Tab compare settings' Is Set to 'Enabled:Allow Tab Compare without improving AI models' | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 2.5.1 (L1) Ensure 'Enable Google Cast' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.5.2 (L1) Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.6.1 (L1) Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.7.1 (L1) Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.9.1 (L1) Ensure 'Enable saving passwords to the password manager' is Explicitly Configured | SYSTEM AND INFORMATION INTEGRITY |
| 2.9.2 (L1) Ensure 'Enable leak detection for entered credentials' Is Set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.10.1 (L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.11.1 (L1) Ensure 'Specifies whether to allow websites to make requests to more-private network endpoints' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.12.1 (L1) Ensure 'Enable Related Website Sets' Is Disabled | AUDIT AND ACCOUNTABILITY |
| 2.13.1 (L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.13.2 (L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.13.3 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.13.4 (L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.13.5 (L1) Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.13.6 (L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.13.7 (L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.14.1 (L1) Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.14.2 (L1) Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.14.3 (L1) Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 (L1) Ensure 'Ads setting for sites with intrusive ads' is set to 'Enabled: Do not allow ads on sites with intrusive ads' | SYSTEM AND INFORMATION INTEGRITY |
| 2.17 (L1) Ensure 'Enable deleting browser and download history' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.19 (L1) Ensure 'Allow Web Authentication requests on sites with broken TLS certificates' Is Disabled | ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.20 (L1) Ensure 'Enable alternate error pages' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.22 (L1) Ensure 'Allow the audio sandbox to run' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 2.24 (L1) Ensure 'Enable AutoFill for credit cards' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.25 (L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.26 (L1) Ensure 'Block third party cookies' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.28 (L1) Ensure 'Allow queries to a Google time service' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 2.30 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.31 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.32 (L1) Ensure 'Determine the availability of variations' is set to 'Enable all variations' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.33 (L1) Ensure 'Clear Browsing Data on Exit' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.34 (L1) Ensure 'Enable security warnings for command-line flags' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 2.35 (L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.36 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
