DTBC-0002 - Site tracking users location must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Website tracking is the practice of gathering information as to which websites were accesses by a browser. The common method of doing this is to have a website create a tracking cookie on the browser. If the information of what sites are being accessed is made available to unauthorized persons, this violates confidentiality requirements, and over time poses a significant OPSEC issue. This policy setting allows you to set whether websites are allowed to track the user's physical location. Tracking the user's physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.
1 = Allow sites to track the user's physical location
2 = Do not allow any site to track the user's physical location
3 = Ask whenever a site wants to track the user's physical location

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\
Policy Name: Default geolocation setting
Policy State: Enabled
Policy Value: Do not allow any site to track the users' physical location

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R8_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001166, Rule-ID|SV-221559r615937_rule, STIG-ID|DTBC-0002, STIG-Legacy|SV-57557, STIG-Legacy|V-44723, Vuln-ID|V-221559

Plugin: Windows

Control ID: 37c8d01fe849534e1607eaf2d7d70ba32a6c655b8064061e76daa421fed72cf4