Detections
Analytics

CIS Google Chrome L1 v2.1.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Google Chrome L1 v2.1.0

Updated: 6/17/2024

Authority: CIS

Plugin: Windows

Revision: 1.8

Estimated Item Count: 76

File Details

Filename: CIS_Google_Chrome_L1_v2.1.0.audit

Size: 123 kB

MD5: 26977ed8e8afe3dcc2d2634450364aea
SHA256: 1969be8e0ef25ad150edb00a03dee7e9be9eb964db6081eb3400072fdfecf2ae

Audit Items

DescriptionCategories
1.1.1 Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled'
1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'
1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Standard Protection' or higher
1.3 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'
1.4 Ensure 'Allow queries to a Google time service' is set to 'Enabled'
1.5 Ensure 'Allow the audio sandbox to run' is set to 'Enabled'
1.6 Ensure 'Ask where to save each file before downloading' is set to 'Enabled'
1.7 Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'
1.9 Ensure 'Determine the availability of variations' is set to 'Disabled'
1.10 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'
1.11 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'
1.12 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'
1.13 Ensure 'Disable saving browser history' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.14 Ensure 'DNS interception checks enabled' is set to 'Enabled'
1.15 Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'

SYSTEM AND INFORMATION INTEGRITY

1.16 Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled'
1.17 Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled'
1.18 Ensure 'Enable Renderer Code Integrity' is set to 'Enabled'
1.19 Ensure 'Enable security warnings for command-line flags' is set to 'Enabled'
1.20 Ensure 'Enable third party software injection blocking' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.21 Ensure 'Enables managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'
1.22 Ensure 'Ephemeral profile' is set to 'Disabled'
1.23 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'
1.24 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'
1.25 Ensure 'Import search engines from default browser on first run' is set to 'Disabled'
1.26 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'
1.27 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.28 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'
1.29 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.30 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'
2.1.1 Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified

CONFIGURATION MANAGEMENT

2.2.1 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'
2.3.1 Ensure 'Blocks external extensions from being installed' is set to 'Enabled'
2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - extension

CONFIGURATION MANAGEMENT

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - hosted_app

CONFIGURATION MANAGEMENT

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - platform_app

CONFIGURATION MANAGEMENT

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - theme

CONFIGURATION MANAGEMENT

2.3.3 Ensure 'Configure extension installation blocklist' is set to 'Enabled: *'
2.4.1 Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'

ACCESS CONTROL

2.6.1 Ensure 'Enable saving passwords to the password manager' is Explicitly Configured

CONFIGURATION MANAGEMENT

2.7.1 Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'

ACCESS CONTROL

2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'
2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'
2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined
2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'
2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'
2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'
2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.
2.9 Ensure 'Allow download restrictions' is set to 'Enabled: Block dangerous downloads'

SYSTEM AND COMMUNICATIONS PROTECTION

2.11 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'

CONFIGURATION MANAGEMENT