STIGQter STIGQter: STIG Summary: Google Chrome Current Windows Security Technical Implementation Guide Version: 1 Release: 18 Benchmark Date: 24 Jan 2020: URLs must be whitelisted for Autoplay use.

DISA Rule

SV-96303r2_rule

Vulnerability Number

V-81589

Group Title

DTBC-0065 - Autoplay Whitelist

Rule Version

DTBC-0065

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome
Policy Name: Allow media autoplay on a whitelist of URL patterns
Policy State: Enabled
Policy Value 1: [*.]mil
Policy Value 2: [*.]gov

Check Contents

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If “AutoplayWhitelist” is not displayed under the “Policy Name” column or it is not set to a list of administrator-approved URLs under the “Policy Value” column, this is a finding.
Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the “AutoplayWhitelist” key does not exist and it does not contain a list of administrator-approved URLs, this is a finding.
Suggested: the set or subset of [*.]mil and [*.]gov

Vulnerability Number

V-81589

Documentable

False

Rule Version

DTBC-0065

Severity Override Guidance

Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If “AutoplayWhitelist” is not displayed under the “Policy Name” column or it is not set to a list of administrator-approved URLs under the “Policy Value” column, this is a finding.
Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the “AutoplayWhitelist” key does not exist and it does not contain a list of administrator-approved URLs, this is a finding.
Suggested: the set or subset of [*.]mil and [*.]gov

Check Content Reference

M

Target Key

2591

Comments