Free DISA STIG and SRG Library | Vaulted


Plugins approved for use must be enabled.

Finding ID
Rule ID
Cat II
Group Title
DTBC0035 - Approved plugins
Target Key

Policy specifies a list of plugins that are enabled in Google Chrome and prevents users from changing this setting. The wildcard characters '*' and '?' can be used to match sequences of arbitrary characters. '*' matches an arbitrary number of characters while '?' specifies an optional single character, i.e. matches zero or one characters. The escape character is '\', so to match actual '*', '?', or '\' characters, you can put a '\' in front of them. The specified list of plugins is always used in Google Chrome if they are installed. The plugins are marked as enabled in 'about:plugins' and users cannot disable them. Note that this policy overrides both ‘DisabledPlugins ‘and ‘DisabledPluginsExceptions’. If this policy is left not set the user can disable any plugin installed on the system.

Fix Text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Specify a list of enabled plugins Policy State: Enabled Policy Value 1: Shockwave Flash Policy Value 2: Chrome PDF Viewer Policy Value 3: Silverlight Policy Value 4: Java*

Check Content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If EnabledPlugins is not displayed under the Policy Name column or does not contain a list of administrator approved Plugins under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\EnabledPlugins 3. If the EnabledPlugins key does not exist and does not contain a set of administrator approved Plugins then this is a finding. Suggested: the set or subset of Shockwave Flash, Chrome PDF Viewer, Silverlight, Java*