Google Chrome STIG for Windows (V2 R11)

Hard 19 items · 2 hours
testuser Published 2 months ago

This checklist converts the Google Chrome Browser STIG (Version 2, Release 11) into a practical, step-by-step hardening and deployment plan for managed Windows environments. It’s designed for IT administrators, security engineers, and desktop support teams who must apply DISA STIG requirements via GPOs, Intune, or auditing tools.

Source: https://ncp.nist.gov/checklist/483

  1. Download latest STIG resources from DISA — Get SCAP, standalone XCCDF, GPOs, Intune policies, and SCC content.
  2. Review the STIG benchmark and change history — Confirm version V2 R11 requirements and recent updates.
  3. Map STIG controls to your organizational policy — Identify which controls are applicable or require formal exceptions.
  4. Import DISA GPO files into a test OU — Load provided GPOs into Group Policy Management for review.
  5. Test the imported GPOs in a non-production OU — Validate behavior on representative Windows clients before broad rollout.
  6. Deploy validated GPOs to production OUs — Apply to production after successful testing and change control approvals.
  7. Import and apply Intune policies for managed endpoints — Use provided Intune policy packs for cloud-managed devices.
  8. Configure Chrome automatic update management — Ensure updates are enforced via policy or system management tooling.
  9. Harden privacy and data storage settings
  10. Disable saving passwords in Chrome — Enforce via policy to prevent credential storage in browser.
  11. Disable autofill for forms and payment methods — Prevent automatic filling of personal and financial data.
  12. Block third-party cookies and site data as required — Reduce cross-site tracking and data leakage.
  13. Restrict or whitelist browser extensions via policy — Disable user-installed extensions and allow only approved ones.
  14. Enforce Safe Browsing and block malicious downloads — Enable enhanced protection and download restrictions via policy.
  15. Enable site isolation and sandboxing features — Use process isolation policies to harden against web-based exploits.
  16. Block external protocol handlers and unsafe protocols — Prevent automatic launching of external apps from web content.
  17. Enable pop-up and redirect blocking — Reduce unwanted content and drive-by downloads.
  18. Verify applied settings with SCAP/SCC or auditing tools — Run compliance scans and review audit results after deployment.
  19. Document deviations, exceptions, and change approvals — Record justifications and authority for any non-applicable controls.
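
As an added example (not part of this checklist or of the DISA content), the following PowerShell audit reads the machine-level Chrome policy registry values that items 10 through 17 enforce and that item 18 verifies. The registry path and policy names are Chrome's documented policy names; the expected values are assumptions chosen for illustration, not the STIG's own, so take the authoritative values and rule IDs from the V2 R11 XCCDF/GPO content downloaded in step 1.

```powershell
# Added example, not from the STIG or this checklist. Audits Chrome machine
# policies under the registry path Chrome reads when managed by GPO/Intune.
# Expected values are ASSUMPTIONS for illustration; replace with V2 R11 values.
$ChromePolicyPath = 'HKLM:\SOFTWARE\Policies\Google\Chrome'

# Policy name -> expected DWORD value (assumed targets, mapped to checklist items)
$ExpectedPolicies = @{
    'PasswordManagerEnabled'      = 0   # item 10: no credential storage in the browser
    'AutofillAddressEnabled'      = 0   # item 11: no form autofill
    'AutofillCreditCardEnabled'   = 0   # item 11: no payment-method autofill
    'BlockThirdPartyCookies'      = 1   # item 12: third-party cookies blocked
    'SafeBrowsingProtectionLevel' = 2   # item 14: 2 = enhanced protection (assumed target)
    'DownloadRestrictions'        = 1   # item 14: 1 = block dangerous downloads (assumed target)
    'SitePerProcess'              = 1   # item 15: strict site isolation
    'DefaultPopupsSetting'        = 2   # item 17: 2 = block pop-ups
}

function Test-ChromePolicy {
    param([string]$Path = $ChromePolicyPath, [hashtable]$Expected = $ExpectedPolicies)
    $results = foreach ($name in $Expected.Keys) {
        # A missing value yields $null, which never equals the expected DWORD -> FAIL
        $actual = (Get-ItemProperty -Path $Path -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Policy   = $name
            Expected = $Expected[$name]
            Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
            Status   = if ($actual -eq $Expected[$name]) { 'PASS' } else { 'FAIL' }
        }
    }
    $results | Sort-Object Status, Policy
}

# Item 13: ExtensionInstallBlocklist is a list policy stored as a subkey whose
# values are "1"="*", "2"="..."; a "*" entry means only allowlisted extensions load.
function Test-ChromeExtensionBlocklist {
    param([string]$Path = "$ChromePolicyPath\ExtensionInstallBlocklist")
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    $entries = if ($key) { $key.GetValueNames() | ForEach-Object { $key.GetValue($_) } } else { @() }
    [pscustomobject]@{
        Policy   = 'ExtensionInstallBlocklist'
        Expected = '*'
        Actual   = if ($entries) { $entries -join ',' } else { '<not set>' }
        Status   = if ($entries -contains '*') { 'PASS' } else { 'FAIL' }
    }
}

$report = @(Test-ChromePolicy) + @(Test-ChromeExtensionBlocklist)
$report | Format-Table -AutoSize
if ($report.Status -contains 'FAIL') { exit 1 }   # non-zero exit for scheduled or CI runs
```

Run it elevated on a test-OU client after step 5 and again on production hosts after step 6; the non-zero exit makes it usable as a lightweight pre-check before the full SCAP/SCC scan in step 18.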