UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

WebUSB must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-221591 DTBC-0058 SV-221591r508655_rule Medium
Description
Allows you to set whether websites are allowed to get access to connected USB devices. Access can be completely blocked, or the user can be asked every time a website wants to get access to connected USB devices. If this policy is left not set, ”3” will be used, and the user will be able to change it. 2 = Do not allow any site to request access to USB devices via the WebUSB API 3 = Allow sites to ask the user to grant access to a connected USB device
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2020-09-22

Details

Check Text ( C-23306r415900_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy
2. If "DefaultWebUsbGuardSetting" is not displayed under the "Policy Name" column or it is not set to "2", this is a finding.
Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the "DefaultWebUsbGuardSetting" value name does not exist or its value data is not set to "2", this is a finding.
Fix Text (F-23295r415901_fix)
Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings
Policy Name: Control use of the WebUSB API
Policy State: Enabled
Policy Value: 2