STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Google Chrome Current Windows Security Technical Implementation Guide

V-221579

CAT II (Medium)

Online revocation checks must be performed.

Rule ID

SV-221579r961893_rule

STIG

Google Chrome Current Windows Security Technical Implementation Guide

Version

V2R11

CCIs

CCI-000185

Discussion

By setting this policy to true, the previous behavior is restored and online OCSP/CRL checks will be performed. If the policy is not set, or is set to false, then Chrome will not perform online revocation checks. Certificates are revoked when they have been compromised or are no longer valid, and this option protects users from submitting confidential data to a site that may be fraudulent or not secure.

Check Content

Universal method:        
   1. In the omnibox (address bar) type chrome://policy        
   2. If EnableOnlineRevocationChecks is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding.

Windows method:
   1. Start regedit
   2. Navigate to HKLM\Software\Policies\Google\Chrome\
   3. If the EnableOnlineRevocationChecks value name does not exist or its value data is not set to 1, then this is a finding.

Fix Text

Windows group policy:
 1. Open the group policy editor tool with gpedit.msc 
 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
 Policy Name: Enable online OCSP/CRL checks
 Policy State: Enabled
 Policy Value: N/A