Online revocation checks must be done
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35791 | DTBC-0037 | SV-47078r1_rule | ECSC-1 | Medium |
| Description |
|---|
| "By setting this policy to true, the previous behaviour is restored and online OCSP/CRL checks will be performed. If the policy is not set, or is set to false, then Chrome will not perform online revocation checks in Chrome 19 and later.." - Google Chrome Administrators Policy List |
| STIG | Date |
|---|---|
| Google Chrome v23 Windows STIG | 2013-01-11 |
Details
| Check Text ( C-44137r1_chk ) |
|---|
| Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If EnableOnlineRevocationChecks is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the EnableOnlineRevocationChecks value name does not exist or its value data is not set to 1, then this is a finding. |
| Fix Text (F-40339r1_fix) |
|---|
| Valid for Chrome Browser version 19 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: EnableOnlineRevocationChecks Value Type: Boolean (REG_DWORD) Value Data: 1 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Whether online OCSP/CRL checks are performed Policy State: Enabled Policy Value: N/A |