2.8.6 Ensure 'Enable or disable PIN-less authentication for remote access hosts' is set to 'Disabled'

Information

Chrome allows a user to opt-out of using user-specified PIN authentication and instead pair clients and hosts during connection time.

The recommended state for this setting is: Disabled (0)

Rationale:

If this setting is enabled, users can opt to pair clients and hosts at connection time, eliminating the need to enter a PIN every time.

Impact:

If this setting is disabled, users will be required to enter PIN every time.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Remote access\Enable or disable PIN-less authentication for remote access hosts

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: 528c105700dfd1545185c2bc727e8434189dd6c7207237bc86fb6e8400d9d755