Incognito mode must be disabled

Part of DTBC0030 - Disable incognito mode

Associated with IA controls: ECSC-1

Associated with: CCI-001588

SV-47072r1_rule Incognito mode must be disabled

Vulnerability discussion

Incognito mode prevents saving of anything from the current session. This is bad from a foreignics standpoint. This information needs to be retained in case a compromise happens. "pecifies whether the user may open pages in Incognito mode in Google Chrome. If 'Enabled' is selected or the policy is left unset, pages may be opened in Incognito mode. If 'Disabled' is selected, pages may not be opened in Incognito mode. If 'Forced' is selected, pages may be opened ONLY in Incognito mode. 0 = Incognito mode available. 1 = Incognito mode disabled. 2 = Incognito mode forced." - Google Chrome Administrators Policy List

Check content

Fix text

Valid for Chrome Browser version 14 or later. Windows registry: Key Path: HKLM\Software\Policies\Google\Chrome\ Value Name: IncognitoModeAvailability Value Type: REG_DWORD Value Data: 1 Windows group policy: Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Incognito mode availability Policy State: Enabled Policy Value: Incognito mode disabled

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.