STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Google Chrome Current Windows Security Technical Implementation Guide

V-245538

CAT II (Medium)

Use of the QUIC protocol must be disabled.

Rule ID

SV-245538r961470_rule

STIG

Google Chrome Current Windows Security Technical Implementation Guide

Version

V2R11

CCIs

CCI-001762

Discussion

QUIC is used by more than half of all connections from the Chrome web browser to Google's servers, and this activity is undesirable in the DoD. Setting the policy to Enabled or leaving it unset allows the use of QUIC protocol in Google Chrome. Setting the policy to Disabled disallows the use of QUIC protocol.

Check Content

Universal method: 
1. In the omnibox (address bar), type chrome://policy.
2. If QuicAllowed is not displayed under the Policy Name column or it is not set to False under the Policy Value column, this is a finding.

Windows method:
1. Start regedit.
2. Navigate to HKLM\Software\Policies\Google\Chrome\.
3. If the QuicAllowed value name does not exist or its value data is not set to 0, this is a finding.

Fix Text

Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google Chrome.
- Policy Name: Allow QUIC protocol
- Policy State: Disabled
- Policy Value: N/A