Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Chrome must be configured to allow only TLS.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-81583 | DTBC-0056 | SV-96297r2_rule | Medium |
| Description |
|---|
| If this policy is not configured then Google Chrome uses a default minimum version, which is TLS 1.0. Otherwise, it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". When set, Google Chrome will not use SSL/TLS versions less than the specified version. An unrecognized value will be ignored. "tls1" = TLS 1.0 "tls1.1" = TLS 1.1 "tls1.2" = TLS 1.2 |
| STIG | Date |
|---|---|
| Google Chrome Current Windows STIG | 2019-01-28 |
Details
| Check Text ( C-81333r1_chk ) |
|---|
| Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If "SSLVersionMin" is not displayed under the "Policy Name" column or it is not set to "tls1.1", this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "SSLVersionMin" value name does not exist or its value data is not set to "tls1.1", this is a finding. |
| Fix Text (F-88409r2_fix) |
|---|
| Windows group policy: 1. Open the “group policy editor” tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Minimum SSL version enabled Policy State: Enabled Policy Value: TLS 1.1 |