2.28 Ensure 'Enable automatic HTTPS upgrades' Is Enabled

Information

This setting controls the ability for Google Chrome to upgrade to HTTPS from HTTP while navigating to certain sites. It can be configured to either:

Disabled (0): Disable HTTPS Upgrades

Enabled (1): HTTPS Upgrades may be applied depending on feature launch status

If the value for HttpsUpgradesEnabled is not changed from the default, it will behave as if it is enabled.

Rationale:

Enabling this setting will upgrade the connection to a site from HTTP to HTTPS where available, verifying the identity of the site visited.

Impact:

This should have no impact on the user.

Note: If there are internal sites/servers that use HTTP only, set those in the policy HttpAllowlist

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Enable automatic HTTPS upgrades

Default Value:

Unset (Enabled)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: MEDIA PROTECTION

References: 800-53|MP-6, CSCv7|7.4

Plugin: Windows

Control ID: 8544e77fda3e1a3220635ae24a82486eab20ccbe1fae31ec2ef3f051dd491538