18.8.22.1.2 (L1) Ensure 'Turn off downloading of print drivers over HTTP' is set to 'Enabled'

Information

This policy setting controls whether the computer can download print driver packages over HTTP. To set up HTTP printing, printer drivers that are not available in the standard operating system installation might need to be downloaded over HTTP.
The recommended state for this setting is: Enabled.

Rationale:
Users might download drivers that include malicious code.

Solution

To establish the recommended configuration via GP, set the following UI path to Enabled:
Computer Configuration\Policies\Administrative Templates\System\Internet Communication Management\Internet Communication settings\Turn off downloading of print drivers over HTTP
Note: This Group Policy path is provided by the Group Policy template ICM.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.

Impact:
Print drivers cannot be downloaded over HTTP.
Note: This policy setting does not prevent the client computer from printing to printers on the intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.

Default Value:
Disabled. (Users can download print drivers over HTTP.)

References:
1. CCE-35781-4

See Also

https://workbench.cisecurity.org/benchmarks/14249