DTBC-0037 - Online revocation checks must be performed.

Information

By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed. If the policy is not set, or is set to false, then Chrome will not perform online revocation checks. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Enable online OCSP/CRL checks
Policy State: Enabled
Policy Value: N/A

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R9_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Rule-ID|SV-221579r879897_rule, STIG-ID|DTBC-0037, STIG-Legacy|SV-57623, STIG-Legacy|V-44789, Vuln-ID|V-221579

Plugin: Windows

Control ID: 2eebf18d522735efaaca8d33ec239823fee4dd44cc38adf4a2b50fcbd33525e9