UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The HTTP Authentication must be set to negotiate


Overview

Finding ID Version Rule ID IA Controls Severity
V-0012 DTBC-0012 SV-0012r1_rule Medium
Description
Specifies which HTTP Authentication schemes are supported by Google Chrome. Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate multiple values with commas. If this policy is left not set, all four schemes will be used.
STIG Date
Google Chrome STIG Draft 2012-09-25

Details

Check Text ( C-0012r1_chk )
Universal method (Requires Chrome Browser v15 or later):
1. In the omnibox (address bar) type chrome://policy
2. If AuthSchemes is displayed under the Policy Name column and it is set to negotiate under the Policy Value column, then this is not a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome
3. If the AuthSchemes value name does not exist or its value data is not set to negotiate, then this is a finding.
Fix Text (F-0012r1_fix)

Valid for Chrome Browser version 9 or later.

Windows registry:
Key Path: HKLM\Software\Policies\Google\Chrome\
Value Name: AuthSchemes
Value Type: String (REG_SZ)
Value Data: negotiate

Windows group policy:
Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Policies for HTTP Authentication\
Policy Name: Supported authentication schemes
Policy State: Enabled
Policy Value: negotiate