1.10 Ensure 'Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities' is set to 'Disabled'

Information

Google Chrome can disable the enforcing of Certificate Transparency requirements for a list of Legacy Certificate Authorities.

If this setting is disabled, certificates not properly publicly disclosed as required by Certificate Transparency are untrusted.

The recommended state for this setting is: Disabled (0)

Rationale:

Legacy Certificate Authorities shall follow the Certificate Transparency policy.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Disable Certificate Transparency enforcement for a list of Legacy Certificate Authorities

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: 2080d842abbc5fcb98fab998a9b18d4a69ffba6604d30780e1fca07b331bf5c2