TickYouOff

Chrome STIG Hardening

Hard · 19 items · 3 hours
testuser Published 1 month ago

A practical hardening checklist for securing Google Chrome on Windows using STIG guidance. Ideal for system admins and security teams deploying enterprise policies via GPO or Intune.

Source: https://ncp.nist.gov/checklist/483

  1. Update Google Chrome to the latest stable version — Ensure the browser is on the most recent security release.
  2. Enable automatic updates via enterprise policy — Configure auto-update to maintain timely security fixes.
  3. Apply GPO or Intune policies to enforce Chrome settings — Deploy the downloaded policy pack to target machines.
  4. Enable Safe Browsing (warn about phishing and malware) — Turn on Google's Safe Browsing protections via policy.
  5. Disable Chrome sync with Google accounts — Prevent data leaving the enterprise account scope.
  6. Disable saving passwords in the browser — Force use of enterprise-approved password managers.
  7. Disable Autofill for addresses and payment methods — Reduce leakage of sensitive form data.
  8. Enable Site Isolation — Improve process separation between sites for security.
  9. Enforce HTTPS-Only mode or block insecure content — Prevent loading of HTTP resources on secure pages.
  10. Block third-party cookies — Limit cross-site tracking and data sharing.
  11. Disable legacy plugins (Flash, NPAPI) and block plugin installs — Remove known insecure plugin attack surface.
  12. Disable insecure or deprecated protocols (TLS 1.0/1.1) — Enforce modern TLS versions via policy or enterprise controls.
  13. Disable pop-ups and redirects — Block unwanted content and malicious redirect chains.
  14. Restrict extension installation (block by default) — Prevent unauthorized extensions from installing.
  15. Whitelist allowed extensions — Permit only vetted extensions via an allowlist.
  16. Block all other extensions not on the allowlist — Enforce blocklist for any non-approved extensions.
  17. Configure homepage/new-tab and prevent unwanted changes — Set a controlled start page or a blank page for endpoints.
  18. Run a SCAP/XCCDF compliance scan and remediate findings — Use automated scan results to verify STIG compliance.
  19. Document exceptions and obtain authorization for deviations — Record any accepted waivers with justification and approvals.
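Items 4 to 17 all come down to Chrome enterprise policies, which on Windows are registry values under HKLM\SOFTWARE\Policies\Google\Chrome regardless of whether GPO or Intune wrote them. The script below is an added example by the editor, not part of this checklist or the NIST source: in its default audit mode it reports which of those policies are present with the expected value on the local machine (useful for checking what a policy pack actually delivered before the SCAP scan in item 18), and with -Apply it writes the missing ones. The policy names are real Chrome policies; the chosen values are the editor's reading of each checklist item rather than values quoted from the STIG, and EXAMPLE_EXTENSION_ID is a placeholder for your own vetted extension IDs.

```powershell
<#
Audit (default) or apply, with -Apply, a registry-backed subset of the Chrome policies behind items 4-17.
Chrome on Windows reads machine policy from HKLM\SOFTWARE\Policies\Google\Chrome; a GPO or Intune policy
pack writes the same keys, so running this in audit mode shows what actually landed on an endpoint.
Run from an elevated prompt; try -Apply on a lab machine before touching production.
#>
[CmdletBinding()]
param([switch]$Apply)

$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

# Scalar policies. The policy names are real Chrome enterprise policies; the values are the editor's
# reading of the checklist items (noted in Item), not values quoted from the STIG.
$ScalarPolicies = @{
    'SafeBrowsingProtectionLevel' = @{ Value = 1;               Type = 'DWord';  Item = '4'  } # 1 = standard
    'SyncDisabled'                = @{ Value = 1;               Type = 'DWord';  Item = '5'  }
    'PasswordManagerEnabled'      = @{ Value = 0;               Type = 'DWord';  Item = '6'  }
    'AutofillAddressEnabled'      = @{ Value = 0;               Type = 'DWord';  Item = '7'  }
    'AutofillCreditCardEnabled'   = @{ Value = 0;               Type = 'DWord';  Item = '7'  }
    'SitePerProcess'              = @{ Value = 1;               Type = 'DWord';  Item = '8'  }
    'HttpsOnlyMode'               = @{ Value = 'force_enabled'; Type = 'String'; Item = '9'  }
    'BlockThirdPartyCookies'      = @{ Value = 1;               Type = 'DWord';  Item = '10' }
    'SSLVersionMin'               = @{ Value = 'tls1.2';        Type = 'String'; Item = '12' }
    'DefaultPopupsSetting'        = @{ Value = 2;               Type = 'DWord';  Item = '13' } # 2 = block
    'HomepageLocation'            = @{ Value = 'about:blank';   Type = 'String'; Item = '17' }
    'HomepageIsNewTabPage'        = @{ Value = 0;               Type = 'DWord';  Item = '17' }
}

# List policies live in a subkey holding numbered string values ("1", "2", ...).
# EXAMPLE_EXTENSION_ID is a placeholder: substitute the IDs of the extensions you have vetted.
$ListPolicies = @{
    'ExtensionInstallBlocklist' = @('*')                    # items 14 and 16: block everything by default
    'ExtensionInstallAllowlist' = @('EXAMPLE_EXTENSION_ID') # item 15: then allow only vetted IDs
}

function Get-PolicyValue {
    param([string]$Name)
    $props = Get-ItemProperty -Path $PolicyRoot -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $props) { return $null }
    return $props.$Name
}

function Get-PolicyList {
    param([string]$Name)
    $key = Join-Path $PolicyRoot $Name
    if (-not (Test-Path $key)) { return @() }
    $props = Get-ItemProperty -Path $key
    # Only the numbered value names, sorted numerically so "10" sorts after "2"
    $names = @($props.PSObject.Properties.Name | Where-Object { $_ -match '^\d+$' } | Sort-Object { [int]$_ })
    return @($names | ForEach-Object { $props.$_ })
}

function Set-PolicyList {
    param([string]$Name, [string[]]$Values)
    $key = Join-Path $PolicyRoot $Name
    if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }   # drop stale entries before rewriting
    New-Item -Path $key -Force | Out-Null
    for ($i = 0; $i -lt $Values.Count; $i++) {
        New-ItemProperty -Path $key -Name ($i + 1) -Value $Values[$i] -PropertyType String -Force | Out-Null
    }
}

if ($Apply -and -not (Test-Path $PolicyRoot)) { New-Item -Path $PolicyRoot -Force | Out-Null }

$findings = @()
foreach ($name in ($ScalarPolicies.Keys | Sort-Object)) {
    $want   = $ScalarPolicies[$name]
    $actual = Get-PolicyValue -Name $name
    $ok = ($null -ne $actual) -and ("$actual" -eq "$($want.Value)")
    if (-not $ok -and $Apply) {
        New-ItemProperty -Path $PolicyRoot -Name $name -Value $want.Value -PropertyType $want.Type -Force | Out-Null
        $ok = $true
    }
    $findings += [pscustomobject]@{ Item = $want.Item; Policy = $name; Expected = $want.Value; Actual = $actual; Compliant = $ok }
}
foreach ($name in ($ListPolicies.Keys | Sort-Object)) {
    $want   = $ListPolicies[$name]
    $actual = @(Get-PolicyList -Name $name)
    # Counts are compared first so Compare-Object never receives an empty array
    $ok = ($actual.Count -eq $want.Count) -and (@(Compare-Object $want $actual).Count -eq 0)
    if (-not $ok -and $Apply) { Set-PolicyList -Name $name -Values $want; $ok = $true }
    $findings += [pscustomobject]@{ Item = '14-16'; Policy = $name; Expected = ($want -join ','); Actual = ($actual -join ','); Compliant = $ok }
}

$findings | Format-Table -AutoSize
# Non-zero exit so a scheduled run or a scan pipeline (item 18) can flag drift
if ($findings | Where-Object { -not $_.Compliant }) { exit 1 }
```

Save it as, say, Test-ChromePolicy.ps1 and run it without arguments on a machine that has already received the policy pack; every row should show Compliant = True, and anything else is either a deployment gap or a deviation to record under item 19. Chrome's own chrome://policy page shows the same values as the browser sees them, which is a useful cross-check when a registry value is present but Chrome reports it as invalid.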