AutoFill for Credit Cards must be disabled.

From Google Chrome Current Windows STIG

Part of DTBC-0054 - Credit Card AutoFill

Associated with: CCI-000381

SV-94637r1_rule AutoFill for Credit Cards must be disabled.

Vulnerability discussion

Enabling Google Chrome's AutoFill feature allows users to auto complete credit card and address information in web forms using previously stored information. If you disable this setting, Autofill will never suggest, or fill credit card information, nor will it save additional credit card information that the user might submit while browsing the web. If you enable this setting or do not set a value, then users will be able to control the overall autofill feature (including credit cards) in the UI.

Check content

Universal method: 1. In the omnibox (address bar) type chrome:// policy 2. If "AutofillCreditCardEnabled" is not displayed under the "Policy Name" column or it is not set to "false" under the "Policy Value" column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the "AutofillCreditCardEnabled" value name does not exist or its value data is not set to "0", then this is a finding.

Fix text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Enable AutoFill for credit cards Policy State: Disabled Policy Value: N/A

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer