2.8.3 Ensure 'Configure the required domain names for remote access clients' is set to 'Enabled' with a domain defined

Information

Chrome allows the configuration of a list of domains that are allowed to access the user's system. When enabled, remote systems can only connect if they are one of the specified domains listed.

Setting this to an empty list (Disabled) allows remote systems from any domain to connect to this user's system.

The recommended state for this setting is: Enabled (1) and at least one domain set

NOTE: The list of domains is organization specific.

Rationale:

Remote assistance connections shall be restricted.

Impact:

If this setting is enabled, only systems from the specified domains can connect to the user's system.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Enabled and enter an organizational specific domain(s) (e.g. nodomain.local):

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Remote access\Configure the required domain names for remote access clients

Default Value:

Unset (Same as Disabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: ACCESS CONTROL, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-17, 800-53|AC-17(1), 800-53|SC-7, 800-53|SI-4, CSCv7|12.12

Plugin: Windows

Control ID: 499e2b6be09142c0534d3c656fe5ff6c8e256586d106dccb3e1df045beee828e