| 1.8 Ensure 'Control SafeSites adult content filtering' is set to 'Enabled: Filter top level sites (but not embedded iframes) for adult content' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.2.2 Ensure 'Control use of the Web Bluetooth API' is set to 'Enabled: Do not allow any site to request access to Bluetooth devices via the Web Bluetooth API' | CONFIGURATION MANAGEMENT |
| 2.2.3 Ensure 'Control use of the WebUSB API' is set to 'Enabled: Do not allow any site to request access to USB devices via the WebUSB API' | CONFIGURATION MANAGEMENT |
| 2.2.4 Ensure 'Default notification setting' is set to 'Enabled: Do not allow any site to show desktop notifications' | CONFIGURATION MANAGEMENT |
| 2.3.4 Ensure 'Default third-party storage partitioning setting' Is Enabled and Blocked | ACCESS CONTROL |
| 2.3.6 Ensure 'Control Manifest v2 extension availability' Is Set to Forced Only | RISK ASSESSMENT |
| 2.4.1 Ensure 'Supported authentication schemes' is set to 'Enabled: ntlm, negotiate' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5.1 Ensure 'Configure native messaging blocklist' is set to 'Enabled: *' | CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Ensure 'Allow proceeding from the SSL warning page' is set to 'Disabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.15 Ensure 'Force Google SafeSearch' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.18 Ensure 'Require online OCSP/CRL checks for local trust anchors' is set to 'Enabled' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.23 Ensure 'Determines whether the built-in certificate verifier will enforce constraints encoded into trust anchors loaded from the platform trust store' Is Enabled | CONFIGURATION MANAGEMENT |
| 3.1.1 Ensure 'Default cookies setting' is set to 'Enabled: Keep cookies for the duration of the session' | CONFIGURATION MANAGEMENT |
| 3.5 Ensure 'Browser sign in settings' is set to 'Enabled: Disabled browser sign-in' | SYSTEM AND INFORMATION INTEGRITY |
| 3.14 Ensure 'Enable search suggestions' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 3.15 Ensure 'Enable Translate' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 4.1.1 Ensure 'Allow or deny screen capture' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 4.2.1 Ensure 'Control use of the Serial API' is set to 'Enabled: Do not allow any site to request access to serial ports via the Serial API' | CONFIGURATION MANAGEMENT |
| 4.2.2 Ensure 'Default Sensors Setting' is set to 'Enabled: Do not allow any site to access sensors' | CONFIGURATION MANAGEMENT |
| 4.2.6 Ensure 'Default Window Management permissions setting' Is 'Enabled' to 'Deny Permission' | SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.2.7 Ensure 'Allow Window Management permission on these sites' Is Configured | ACCESS CONTROL |
| 4.2.8 Ensure 'Block Window Management permission on these sites' Is Configured | ACCESS CONTROL |
| 4.3 Ensure 'Allow invocation of file selection dialogs' is set to 'Disabled' | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 4.4 Ensure 'Allow or deny audio capture' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 4.5 Ensure 'Allow or deny video capture' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 4.7 Ensure 'Controls the mode of DNS-over-HTTPS' is set to 'Enabled: DNS-over-HTTPS without insecure fallback' | ACCESS CONTROL, AWARENESS AND TRAINING, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.8 Ensure 'Enable AutoFill for addresses' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 4.12 Ensure 'Allow or deny screen capture' is set to 'Disabled' | CONFIGURATION MANAGEMENT |
| 5.1 Ensure 'Enable guest mode in browser' is set to 'Disabled' | SYSTEM AND INFORMATION INTEGRITY |
| 5.2 Ensure 'Incognito mode availability' is set to 'Enabled: Incognito mode disabled' | AUDIT AND ACCOUNTABILITY |
| CIS_Google_Chrome_L2_v3.0.0.audit from CIS Google Chrome Benchmark v3.0.0 | |
