| 1.1.1 (L1) Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.2.1 (L1) Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 (L1) Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 (L1) Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.4 (L1) Ensure 'Allow queries to a Google time service' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.5 (L1) Ensure 'Allow the audio sandbox to run' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.6 (L1) Ensure 'Ask where to save each file before downloading' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 (L1) Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.9 (L1) Ensure 'Determine the availability of variations' is set to 'Enable all variations' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.10 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.11 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.12 (L1) Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.13 (L1) Ensure 'Disable saving browser history' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.14 (L1) Ensure 'DNS interception checks enabled' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.15 (L1) Ensure 'Enable component updates in Google Chrome' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.16 (L1) Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.17 (L1) Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled' | IDENTIFICATION AND AUTHENTICATION |
| 1.18 (L1) Ensure 'Enable security warnings for command-line flags' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.19 (L1) Ensure 'Enable third party software injection blocking' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.20 (L1) Ensure 'Enables managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.21 (L1) Ensure 'Ephemeral profile' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.22 (L1) Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.23 (L1) Ensure 'Import of homepage from default browser on first run' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.24 (L1) Ensure 'Import search engines from default browser on first run' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.25 (L1) Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.26 (L1) Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.27 (L1) Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.28 (L1) Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | SYSTEM AND SERVICES ACQUISITION |
| 1.29 (L1) Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 (L1) Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 (L1) Ensure 'Auto-update check period override' is set to any value except '0' | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1 (L1) Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.5 (L1) Ensure 'Allow local file access to file:// URLs on these sites in the PDF Viewer' Is Disabled | ACCESS CONTROL |
| 2.3.1 (L1) Ensure 'Blocks external extensions from being installed' is set to 'Enabled' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 (L1) Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3 (L1) Ensure 'Configure extension installation blocklist' is set to 'Enabled: *' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5 (L1) Ensure 'Block third-party storage partitioning for these origins' Is Configured | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.7 (L1) Ensure 'Control availability of extensions unpublished on the Chrome Web Store' Is Disabled | RISK ASSESSMENT |
| 2.6.1 (L1) Ensure 'Enable saving passwords to the password manager' is Explicitly Configured | SYSTEM AND INFORMATION INTEGRITY |
| 2.7.1 (L1) Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.2 (L1) Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.3 (L1) Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4 (L1) Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.5 (L1) Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.6 (L1) Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.7 (L1) Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.9.1 (L1) Ensure 'Enable First-Party Sets' Is Disabled | AUDIT AND ACCOUNTABILITY |
| 2.10.1 (L1) Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 (L1) Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads' | AUDIT AND ACCOUNTABILITY |
