Rule ID
SV-221588r1106670_rule
Version
V2R11
CCIs
CCI-000169
Setting the policy means users cannot bypass download security decisions. There are many types of download warnings within Chrome, which roughly break down into these categories: - Malicious, as flagged by the Safe Browsing server. - Uncommon or unwanted, as flagged by the Safe Browsing server. - A dangerous file type (e.g., all SWF downloads and many EXE downloads). Setting the policy blocks different subsets of these, depending on its value: 0 = No special restrictions. Default. 1 = Block malicious downloads and dangerous file types. 2 = Block malicious downloads, uncommon or unwanted downloads, and dangerous file types. 3 = Block all downloads. 4 = Block malicious downloads. Recommended.
If the system is on the SIPRNet, this requirement is Not Applicable. Universal method: 1. In the omnibox (address bar) type "chrome:// policy". 2. If "DownloadRestrictions" is not displayed under the "Policy Name" column or it is set to "0", this is a finding. Windows method: 1. Start "regedit". 2. Navigate to "HKLM\Software\Policies\Google\Chrome\". 3. If the "DownloadRestrictions" value name does not exist or its value data is set to "0", this is a finding.
If the system is on the SIPRNet, this requirement is Not Applicable. Windows group policy: 1. Open the group policy editor tool with gpedit.msc. 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Allow download restrictions Policy State: 1, 2, or 4 Policy Value: N/A