1.12 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'

Information

This policy lets Google Chrome be configured with a list of URLs/hostnames for which Certificate Transparency will not be enforced. If this setting is disabled, no URLs are excluded from Certificate Transparency requirements.

The recommended state for this setting is: Disabled (0)

Rationale:

For all URLs, certificates that are required to be disclosed via Certificate Transparency shall be treated as untrusted if they are not disclosed according to the Certificate Transparency policy.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Disable Certificate Transparency enforcement for a list of URLs

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/files/3653

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: 48fc6be81c6d0c33531c981911d83b649158a52e5468a1271e45506eba237184