STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Google Chrome Current Windows Security Technical Implementation Guide

V-221596

CAT II (Medium)

URLs must be allowlisted for Autoplay use.

Rule ID

SV-221596r961092_rule

STIG

Google Chrome Current Windows Security Technical Implementation Guide

Version

V2R11

CCIs

CCI-001170

Discussion

Controls the allowlist of URL patterns that autoplay will always be enabled on. If the "AutoplayAllowed" policy is set to "True" then this policy will have no effect. If the "AutoplayAllowed" policy is set to "False", then any URL patterns set in this policy will still be allowed to play.

Check Content

Universal method:
1. In the omnibox (address bar), type chrome://policy.
2. If “AutoplayAllowlist” under the “Policy Name” column may be set to a list of administrator-approved URLs under the “Policy Value” column. This requirement is optional.

Windows method:
1. Start regedit.
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the “AutoplayAllowlist” key may contain a list of administrator-approved URLs. This requirement is optional.

Fix Text

Windows group policy:
1. Open the “group policy editor” tool with gpedit.msc.
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome
- Policy Name: Allow media autoplay on a allowlist of URL patterns.
- Policy State: Enabled
- Policy Value 1: [*.]mil
- Policy Value 2: [*.]gov

Note: Policy values are examples.