Details

Specifies the URL of the search engine used when doing a default search. The URL should contain the string ‘{searchTerms}’, which will be replaced at query time by the terms the user is searching for. This option must be set when the ‘DefaultSearchProviderEnabled’ policy is enabled and will only be respected if this is the case. When doing internet searches it is important to use an encrypted connection via https.

Solution

If the system is on the SIPRNet, this requirement is NA.

Windows group policy:
1. Open the group policy editor tool with gpedit.msc.
2. Navigate to Policy Path: Computer ConfigurationAdministrative TemplatesGoogleGoogle ChromeDefault search provider.
– Policy Name: Default search provider search URL
– Policy State: Enabled
– Policy Value: Must be set to an organization-approved encrypted search string
(ex. https://www.google.com/search?q={searchTerms} or https://www.bing.com/search?q={searchTerms} )

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-221565r754421_rule
• STIG-ID|DTBC-0008
• STIG-Legacy|SV-57569
• STIG-Legacy|V-44735
• Vuln-ID|V-221565

Source

• Tenable.com/audits