| 1.1.1 Ensure 'Cross-origin HTTP Authentication prompts' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.2.1 Ensure 'Configure the list of domains on which Safe Browsing will not trigger warnings' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2.2 Ensure 'Safe Browsing Protection Level' is set to 'Enabled: Safe Browsing is active in the standard mode.' or higher | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.3 Ensure 'Allow Google Cast to connect to Cast devices on all IP addresses' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.4 Ensure 'Allow queries to a Google time service' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.5 Ensure 'Allow the audio sandbox to run' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.6 Ensure 'Ask where to save each file before downloading' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Ensure 'Continue running background apps when Google Chrome is closed' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.9 Ensure 'Determine the availability of variations' is set to 'Enable all variations' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.10 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.11 Ensure 'Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.12 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.13 Ensure 'Disable saving browser history' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.14 Ensure 'DNS interception checks enabled' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.15 Ensure 'Enable component updates in Google Chrome' is set to 'Enabled' | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.16 Ensure 'Enable globally scoped HTTP auth cache' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.17 Ensure 'Enable online OCSP/CRL checks' is set to 'Disabled' | IDENTIFICATION AND AUTHENTICATION |
| 1.18 Ensure 'Enable security warnings for command-line flags' is set to 'Enabled' | AUDIT AND ACCOUNTABILITY |
| 1.19 Ensure 'Enable third party software injection blocking' is set to 'Enabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.20 Ensure 'Enables managed extensions to use the Enterprise Hardware Platform API' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.21 Ensure 'Ephemeral profile' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.22 Ensure 'Import autofill form data from default browser on first run' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.23 Ensure 'Import of homepage from default browser on first run' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.24 Ensure 'Import search engines from default browser on first run' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 1.25 Ensure 'List of names that will bypass the HSTS policy check' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.26 Ensure 'Origins or hostname patterns for which restrictions on insecure origins should not apply' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 1.27 Ensure 'Suppress lookalike domain warnings on domains' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.28 Ensure 'Suppress the unsupported OS warning' is set to 'Disabled' | SYSTEM AND SERVICES ACQUISITION |
| 1.29 Ensure 'URLs for which local IPs are exposed in WebRTC ICE candidates' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 2.1.1 Ensure 'Update policy override' is set to 'Enabled' with 'Always allow updates (recommended)' or 'Automatic silent updates' specified | RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY |
| 2.1.2 Ensure 'Auto-update check period override' is set to any value except '0' | SYSTEM AND INFORMATION INTEGRITY |
| 2.2.1 Ensure 'Control use of insecure content exceptions' is set to 'Enabled: Do not allow any site to load mixed content' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.5 Ensure 'Allow local file access to file:// URLs on these sites in the PDF Viewer' Is Disabled | ACCESS CONTROL |
| 2.3.1 Ensure 'Blocks external extensions from being installed' is set to 'Enabled' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.2 Ensure 'Configure allowed app/extension types' is set to 'Enabled: extension, hosted_app, platform_app, theme' - extension | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.3 Ensure 'Configure extension installation blocklist' is set to 'Enabled: *' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3.5 Ensure 'Block third-party storage partitioning for these origins' Is Configured | SYSTEM AND INFORMATION INTEGRITY |
| 2.3.7 Ensure 'Control availability of extensions unpublished on the Chrome Web Store' Is Disabled | RISK ASSESSMENT |
| 2.6.1 Ensure 'Enable saving passwords to the password manager' is Explicitly Configured | SYSTEM AND INFORMATION INTEGRITY |
| 2.7.1 Ensure 'Enable Google Cloud Print Proxy' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 2.8.1 Ensure 'Allow remote access connections to this machine' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.2 Ensure 'Allow remote users to interact with elevated windows in remote assistance sessions' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.4 Ensure 'Enable curtaining of remote access hosts' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.5 Ensure 'Enable firewall traversal from remote access host' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled' | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.8.7 Ensure 'Enable the use of relay servers by the remote access host' is set to 'Disabled'. | ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY |
| 2.9.1 Ensure 'Enable First-Party Sets' Is Disabled | AUDIT AND ACCOUNTABILITY |
| 2.10.1 Ensure 'Allow automatic sign-in to Microsoft cloud identity providers' Is Enabled | SYSTEM AND INFORMATION INTEGRITY |
| 2.11 Ensure 'Allow download restrictions' is set to 'Enabled: Block malicious downloads' | AUDIT AND ACCOUNTABILITY |
