III - Administrative Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000039

    Group
  • Firewall traversal from remote host must be disabled.

    Remote connections should never be allowed that bypass the firewall, as there is no way to verify if they can be trusted. Ena...
    Rule Medium Severity
  • SRG-APP-000206

    Group
  • Site tracking users location must be disabled.

    Website tracking is the practice of gathering information as to which websites were accessed by a browser. The common method ...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Sites ability to show pop-ups must be disabled.

    Chrome allows you to manage whether unwanted pop-up windows appear. Pop-up windows that are opened when the end user clicks a...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Extensions installation must be blocklisted by default.

    Extensions are developed by third party sources and are designed to extend Google Chrome's functionality. An extension can be...
    Rule Medium Severity
  • SRG-APP-000210

    Group
  • Extensions that are approved for use must be allowlisted.

    The allowlist should only contain organizationally approved extensions. This is to prevent a user from accidentally allowlisitn...
    Rule Low Severity
  • SRG-APP-000141

    Group
  • The default search providers name must be set.

    Specifies the name of the default search provider that is to be used, if left empty or not set, the host name specified by th...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The default search provider URL must be set to perform encrypted searches.

    Specifies the URL of the search engine used when doing a default search. The URL should contain the string '{searchTerms}', w...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Default search provider must be enabled.

    Policy enables the use of a default search provider. If you enable this setting, a default search is performed when the user ...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The Password Manager must be disabled.

    Enables saving passwords and using saved passwords in Google Chrome. Malicious sites may take advantage of this feature by us...
    Rule Medium Severity
  • SRG-APP-000112

    Group
  • Background processing must be disabled.

    Determines whether a Google Chrome process is started on OS login that keeps running when the last browser window is closed, ...
    Rule Medium Severity
  • SRG-APP-000047

    Group
  • Google Data Synchronization must be disabled.

    Disables data synchronization in Google Chrome using Google-hosted synchronization services and prevents users from changing ...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The URL protocol schema javascript must be disabled.

    Each access to a URL is handled by the browser according to the URL's "scheme". The "scheme" of a URL is the section before t...
    Rule Medium Severity
  • SRG-APP-000047

    Group
  • Cloud print sharing must be disabled.

    Policy enables Google Chrome to act as a proxy between Google Cloud Print and legacy printers connected to the machine. If th...
    Rule Medium Severity
  • SRG-APP-000516

    Group
  • Network prediction must be disabled.

    Enables network prediction in Google Chrome and prevents users from changing this setting. If you enable or disable this sett...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Metrics reporting to Google must be disabled.

    Enables anonymous reporting of usage and crash-related data about Google Chrome to Google and prevents users from changing th...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Search suggestions must be disabled.

    Search suggestion should be disabled as it could lead to searches being conducted that were never intended to be made. Enable...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Importing of saved passwords must be disabled.

    Importing of saved passwords should be disabled as it could lead to unencrypted account passwords stored on the system from a...
    Rule Medium Severity
  • SRG-APP-000080

    Group
  • Incognito mode must be disabled.

    Incognito mode allows the user to browse the Internet without recording their browsing history/activity. From a forensics pe...
    Rule Medium Severity
  • SRG-APP-000605

    Group
  • Online revocation checks must be performed.

    By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed. If the policy...
    Rule Medium Severity
  • SRG-APP-000206

    Group
  • Safe Browsing must be enabled.

    Allows you to control whether Google Chrome's Safe Browsing feature is enabled and the mode it operates in. If this policy i...
    Rule Medium Severity
  • SRG-APP-000231

    Group
  • Browser history must be saved.

    This policy disables saving browser history in Google Chrome and prevents users from changing this setting. If this setting i...
    Rule Medium Severity
  • SRG-APP-000456

    Group
  • The version of Google Chrome running on the system must be a supported version.

    Google Chrome is being continually updated by the vendor in order to address identified security vulnerabilities. Running an ...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Deletion of browser history must be disabled.

    Disabling this function will prevent users from deleting their browsing history, which could be used to identify malicious we...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Prompt for download location must be enabled.

    If the policy is enabled, the user will be asked where to save each file before downloading. If the policy is disabled, downl...
    Rule Medium Severity
  • SRG-APP-000089

    Group
  • Download restrictions must be configured.

    Configure the type of downloads that Google Chrome will completely block, without letting users override the security decisio...
    Rule Medium Severity
