CIS Google Chrome L1 v2.1.0

Audit Details

Name: CIS Google Chrome L1 v2.1.0

Updated: 4/12/2023

Authority: CIS

Plugin: Windows

Revision: 1.6

Estimated Item Count: 76

File Details

Filename: CIS_Google_Chrome_L1_v2.1.0.audit

Size: 148 kB

MD5: 2ab4a07555059cee26f654f4542d2a04
SHA256: 6fff065e2bb7ff601bd47e8f2528033e96cf0c83f8ec93b744ae0bc2fed6afd1

Audit Items

Description

Categories

1.1.1 Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Standard Protection' or higher

SYSTEM AND COMMUNICATIONS PROTECTION

1.3 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.4 Ensure 'Allow queries to a Google time service' is set to 'Enabled'

AUDIT AND ACCOUNTABILITY

1.5 Ensure 'Allow the audio sandbox to run' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.6 Ensure 'Ask where to save each file before downloading' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.7 Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.9 Ensure 'Determine the availability of variations' is set to 'Disabled'

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.10 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.11 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.12 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.13 Ensure 'Disable saving browser history' is set to 'Disabled'

SYSTEM AND INFORMATION INTEGRITY

1.14 Ensure 'DNS interception checks enabled' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.15 Ensure 'Enable component updates in Google Chrome' is set to 'Enabled'

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

1.16 Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.17 Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled'

IDENTIFICATION AND AUTHENTICATION

1.18 Ensure 'Enable Renderer Code Integrity' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.19 Ensure 'Enable security warnings for command-line flags' is set to 'Enabled'

CONFIGURATION MANAGEMENT

1.20 Ensure 'Enable third party software injection blocking' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.21 Ensure 'Enables managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.22 Ensure 'Ephemeral profile' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.23 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.24 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.25 Ensure 'Import search engines from default browser on first run' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.26 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.27 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled'

CONFIGURATION MANAGEMENT

1.28 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled'

SYSTEM AND COMMUNICATIONS PROTECTION

1.29 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled'

SYSTEM AND SERVICES ACQUISITION

1.30 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.1.1 Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.2.1 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content'

SYSTEM AND COMMUNICATIONS PROTECTION

2.3.1 Ensure 'Blocks external extensions from being installed' is set to 'Enabled'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - extension

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - hosted_app

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - platform_app

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - theme

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.3.3 Ensure 'Configure extension installation blocklist' is set to 'Enabled: *'

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

2.4.1 Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.6.1 Ensure 'Enable saving passwords to the password manager' is Explicitly Configured

CONFIGURATION MANAGEMENT

2.7.1 Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled'

CONFIGURATION MANAGEMENT

2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'.

ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.9 Ensure 'Allow download restrictions' is set to 'Enabled: Block dangerous downloads'

SYSTEM AND INFORMATION INTEGRITY

2.11 Ensure 'Disable proceeding from the Safe Browsing warning page' is set to 'Enabled'

SYSTEM AND COMMUNICATIONS PROTECTION