
Ensure ‘Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes’ is set to ‘Disabled’

Details

Google Chrome can exempt certificates from Certificate Transparency enforcement based on their subjectPublicKeyInfo hashes. If this setting is disabled, no certificates are exempt from Certificate Transparency requirements.

The recommended state for this setting is: Disabled (0)

Rationale:

Certificate Transparency requirements shall be enforced for all certificates.

Impact:

None – This is the default behavior.

Solution

To establish the recommended configuration via Group Policy, set the following UI path to Disabled:

Computer Configuration\Policies\Administrative Templates\Google\Google Chrome\Disable Certificate Transparency enforcement for a list of subjectPublicKeyInfo hashes

Default Value:

Unset (Same as Disabled, but user can change)
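To confirm the setting on an endpoint, the following added audit example (not part of the CIS benchmark text) lists any exemption entries that are present. It assumes the Group Policy setting is backed by Chrome's `CertificateTransparencyEnforcementDisabledForCas` list policy under `SOFTWARE\Policies\Google\Chrome`, which this page does not state; the function name and the format check are illustrative.

```powershell
# Added audit example; not from the CIS benchmark.
# Assumption: the GPO setting maps to Chrome's list policy
# CertificateTransparencyEnforcementDisabledForCas, stored as numbered string
# values under the Chrome policy key. Both the machine and user hives are checked.
$PolicyName = 'CertificateTransparencyEnforcementDisabledForCas'
$Roots = 'HKLM:\SOFTWARE\Policies\Google\Chrome',
         'HKCU:\SOFTWARE\Policies\Google\Chrome'

function Get-CtExemptionEntry {
    # Hypothetical helper: returns one object per exemption value found.
    param([string[]]$PolicyRoots = $Roots)
    foreach ($root in $PolicyRoots) {
        $key = Join-Path $root $PolicyName
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent = nothing exempt
        $item = Get-Item -LiteralPath $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            [pscustomobject]@{
                Key        = $key
                ValueName  = $valueName
                Data       = $data
                # Assumed entry shape: "sha256/" + base64 of a 32-byte hash.
                WellFormed = $data -match '^sha256/[A-Za-z0-9+/]{43}=$'
            }
        }
    }
}

$entries = @(Get-CtExemptionEntry)
if ($entries.Count -eq 0) {
    Write-Output 'PASS: no subjectPublicKeyInfo hashes are exempt from Certificate Transparency enforcement.'
} else {
    Write-Output "FAIL: $($entries.Count) exemption value(s) found; the setting is not Disabled."
    $entries | Format-Table -AutoSize
}
```

A key that exists but holds no values yields PASS, since no hashes are exempt in that state.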

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Windows.


Updated on July 16, 2022