1.12 Ensure 'Disable Certificate Transparency enforcement for a list of URLs' is set to 'Disabled'

Information

Google Chrome can specify URLs/hostnames for which Certificate Transparency will not be enforced. If this setting is disabled, no URLs are excluded from Certificate Transparency requirements.

The recommended state for this setting is: Disabled (0)

Rationale:

Certificates that are required to be disclosed via Certificate Transparency shall be treated for all URLs as untrusted if they are not disclosed according to the Certificate Transparency policy.

Impact:

None - This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Disable Certificate Transparency enforcement for a list of URLs

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: bf19b86b431f0a1e06eb57d21c4eb8084c694a4f4653f55b6591a009475da773