Upstream STIG for Google Chromium
Rules and Groups employed by this XCCDF Profile
-
Chromium
Chromium is an open-source web browser, powered by WebKit (Blink), and developed by Google. Web browsers such as Chromium are used for a number of ...Group -
Disable All Extensions by Default
Extensions are developed by third party sources and are designed to extend Google Chromium's functionality. As an extension can be made by anyone,...Rule Unknown Severity -
Prevent Desktop Notifications
Chromium by default allows websites to display notifications on the desktop. To disable this setting, set <code>DefaultNotificationsSetting</code> ...Rule Unknown Severity -
Enable Online OCSP/CRL Certificate Checks
Certificates can become compromised, and Chromium should check that the certificates in its store are valid by setting <code>EnableOnlineRevocation...Rule Unknown Severity -
Block Plugins by Default
By default, websites are allowed to automatically run plugins. Users should be prompted to allow plugins to execute plugins by setting <code>Defaul...Rule Unknown Severity -
Enable the Default Search Provider
By default users, can change search provider settings. To disable this, set <code>DefaultSearchProviderEnabled</code> to <code>true</code> in the C...Rule Unknown Severity -
Set the Default Search Provider's URL
Specifies the URL of the default search provider that is to be used. To set the URL of the default search provider, set <code>DefaultSearchProvider...Rule Unknown Severity -
Disable the 3D Graphics APIs
Chromium uses WebGL to render graphics using the GPU which allows website access to the GPU. This should be disabled by setting <code>Disable3DAPIs...Rule Unknown Severity -
Disable the AutoFill Feature
The AutoFill feature suggests possible matches when users are filling in forms. To disable the AutoFill feature, set <code>AutoFillEnabled</code> t...Rule Unknown Severity -
Disable Automatic Search And Installation of Plugins
Chromium will automatically detect, search, and install plugins as required. This should be disabled by setting <code>DisablePluginFinder</code> to...Rule Unknown Severity -
Disable Background Processing
Chromium can be set to run at all times and process in the background. This should be disabled by setting <code>BackgroundModeEnabled</code> to <co...Rule Unknown Severity -
Disable Use of Cleartext Passwords
Chromium allows users to import and store passwords in cleartext. This should be disabled by setting <code>PasswordManagerAllowShowPasswords</code...Rule Unknown Severity -
Disable Cloud Print Sharing
Chromium has cloud sharing capabilities including sharing printers connected to the system. This is done via a proxy. To disable printer sharing, s...Rule Unknown Severity -
Disable Chromium's Ability to Traverse Firewalls
Chromium has the ability to bypass and ignore the system firewall. This ability should be disabled. To disable this setting, set <code>RemoteAcces...Rule Unknown Severity -
Disable Data Synchronization to Google
SyncDisabledtotruein the Chromium policy file.Rule Unknown Severity -
Disable Incognito Mode
Incognito Mode allows users to browse in private which prevents monitoring and validating user browsing habits. This capability should be disabled ...Rule Unknown Severity -
Disable Metrics Reporting
Whenever Chromium crashes, it sends its usage and crash-related data to Google. This should be disabled by setting <code>MetricsReportingEnabled</c...Rule Unknown Severity -
Disable Network Prediction
To disable the network prediction feature, setDnsPrefetchingEnabledtofalsein the Chromium policy file.Rule Unknown Severity -
Disable Outdated Plugins
Outdated plugins should be disabled by settingAllowOutdatedPluginstofalsein the Chromium policy file.Rule Unknown Severity -
Disable Chromium Password Manager
Chromium Password Manager allows the saving and using of passwords in Chromium. This should be disabled by setting <code>PasswordManagerEnabled</co...Rule Unknown Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.