The SPDY protocol must be disabled

From Google Chrome v24 Windows STIG

Part of DTBC0018 - Disable SPDY Protocol

Associated with IA controls: ECSC-1

Associated with: CCI-001588

SV-47052r2_rule The SPDY protocol must be disabled

Vulnerability discussion

"Disables use of the SPDY protocol in Google Chrome. If this policy is enabled the SPDY protocol will not be available in Google Chrome. Setting this policy to disabled will allow the usage of SPDY. If this policy is left not set, SPDY will be available." - Google Chrome Administrators Policy List

Check content

Universal method (Requires Chrome Browser v15 or later): 1. In the omnibox (address bar) type chrome://policy 2. If DisableSpdy is not displayed under the Policy Name column or it is not set to true under the Policy Name column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the DisableSpdy value name does not exist or its value data is not set to 1, then this is a finding.

Fix text

Valid for Chrome Browser version 8 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: DisableSpdy Value Type: Boolean (REG_DWORD) Value Data: 1 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Disable SPDY protocol Policy State: Enabled Policy Value: N/A

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer