1.69 Ensure 'Control use of the Serial API' is set to 'Enable: Do not allow any site to request access to serial ports via the Serial API'

Information

This policy setting configures whether websites can access the systems serial ports.

Note: If more granular control is needed (per website) then this setting can be used in combination with the SerialAllowAllPortsForUrls (Allow the Serial API on specific sites), SerialAskForUrls and SerialBlockedForUrls (Block the Serial API on specific sites) settings. For example, SerialAllowAllPortsForUrls can be used to allow serial port access to specific sites. Please see the references below for more information.

The recommended state for this setting is Enable: Do not allow any site to request access to serial ports via the Serial API.

Rationale:

Preventing access to system serial ports may prevent malicious sites from using these ports and accessing attached devices.

Impact:

Legitimate websites that need access to the Serial API will be denied access.

Solution

To establish the recommended configuration via GP, set the following UI path to Enable: Do not allow any site to request access to serial ports via the Serial API:

Computer Configuration\Policies\Administrative Templates\Microsoft Edge\Control use of the Serial API

Note: This Group Policy path may not exist by default. It is provided by the Group Policy template MSEdge.admx/adml that can be downloaded from: Download Microsoft Edge for Business - Microsoft.

Default Value:

AskSerial (3) = Allow sites to ask for user permission to access a serial port (Websites can ask users whether they can access a serial port, and users can change this setting.)

See Also

https://workbench.cisecurity.org/benchmarks/11865

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|CM-11, 800-53|SC-18, CSCv7|7.2

Plugin: Windows

Control ID: e87dd85c3cae4dae7d757ecf45d0106cf19c6743a1b5cefd780e256e8ecc096a