2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined

Information

Chrome allows the configuration of a list domain(s) that are allowed to access the user's system. When enabled, remote systems can only connect if they are one of specified domains listed.

Setting this to an empty list (Disabled) allows remote systems from any domain to connect to this users system.

The recommended state for this setting is: Enabled (1) and at least one domain set

NOTE: The list of domains is organization specific.

Rationale:

Remote assistance connections shall be restricted.

Impact:

If this setting is enabled, only systems from the specified domains can connect to the user's system.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled and enter an organizational specific domain(s) (e.g. nodomain.local):

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Remote access\Configure the required domain names for remote access clients

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/files/3653

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: ce2209b25e59644df7e88c6373da37b5df2edea3e8a89171bd7f6d16f13ef9f6