U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Checklist Program

National Checklist Program

NCP

  1. Checklist Repository

Google Chrome Browser STIG for Windows Version 2, Release 9 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Google Chrome 33 cpe:/a:google:chrome:33.0 (View CVEs)

Checklist Highlights

Checklist Name:
Google Chrome Browser STIG for Windows
Checklist ID:
483
Version:
Version 2, Release 9
Type:
Compliance
Review Status:
Final
Authority:
Governmental Authority: Defense Information Systems Agency
Original Publication Date:
04/15/2014

Checklist Summary:

The web browser application addressed in this document, utilizes mobile code and Public Key Infrastructure (PKI) technologies to enable some of their features. The requirements described in this document are designed to implement the applicable Department of Defense (DoD) polices for those technologies. These policies are described in the Use of Mobile Code Technologies in Department of Defense (DoD) Information Systems (later referred to as the DoD Mobile Code Policy) and the Department of Defense Instruction, “Department of Defense (DoD) Public Key Infrastructure (PKI) and Public Key (PK) Enabling documents, as referenced in Appendix B, Related Publications. The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval. Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time. This document is based on Google Chrome Browser installation within the Windows family of operating system. This document, and associated STIG, has set forth requirements based upon having a secured Windows environment as described in various other documents. The superset of these requirements can be found in the appropriate Windows STIG, which is also available from the IASE web site. Failure to follow these requirements can significantly diminish the value of many of the specifications in this document. Security controls that are managed through the underlying operating system platform directly affect the strength of the security that surrounds desktop applications.

Checklist Role:

  • Web Browser

Known Issues:

Not Provided

Target Audience:

The requirements and recommendations set forth in this document will assist IAOs and Information Assurance Managers (IAMs) in protecting web browser applications in DoD locations hereafter referred to as sites. The responsible Configuration Control Board (CCB) will approve revisions to site systems that could have a security impact. Therefore, before implementing web browser application security measures, the IAO will submit a change notice to the CCB for review and approval.

Target Operational Environment:

  • Managed
  • Specialized Security-Limited Functionality (SSLF)

Testing Information:

Although there are a few different operating system platforms for desktop environments, this document addresses Google Chrome running on Microsoft Windows platforms only. This document does not include specific guidance for UNIX, Linux, or Apple desktop environments at this time.

Regulatory Compliance:

DoD Directive 8500.1 and DoD Directive 8500.2

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not Provided

Product Support:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Point of Contact:

Comments or proposed revisions to this document should be sent via e-mail to the following address: disa.letterkenny.FSO.mbx.stig-customer-support-mailbox@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not Provided

Licensing:

Not Provided

Change History: 

Version 1, Release 2 - 25 July 2014
Version 1, Release 1 - 15 April 2014
Version 1, Release 3 - 27 October 2015
Changed status from "Under Review" to "Final" - 03 December 2015

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 12/04/2015