STIGhubSTIGhub
STIGsSearchCompareAbout

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Google Chrome Current Windows Security Technical Implementation Guide

V-226402

CAT II (Medium)

AutoFill for credit cards must be disabled.

Rule ID

SV-226402r961083_rule

STIG

Google Chrome Current Windows Security Technical Implementation Guide

Version

V2R11

CCIs

CCI-001166

Discussion

Enabling Google Chrome's AutoFill feature allows users to auto complete credit card information in web forms using previously stored information. If this setting is disabled, Autofill will never suggest or fill credit card information, nor will it save additional credit card information that the user might submit while browsing the web. If this setting is enabled or has no value, the user will be able to control Autofill for credit cards in the UI.

Check Content

Universal method: 
1. In the omnibox (address bar) type chrome://policy 
2. If AutofillCreditCardEnabled is not displayed under the Policy Name column or it is not set to 0 under the Policy Value column, this is a finding.

Windows method:
1. Start regedit
2. Navigate to HKLM\Software\Policies\Google\Chrome\
3. If the AutofillCreditCardEnabled value name does not exist or its value data is not set to 0, this is a finding.

Fix Text

Windows group policy:
1. Open the "group policy editor" tool with gpedit.msc 
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Enable AutoFill for credit cards
Policy State: Disabled