ISM-1585 – Technical Resolution Guidance
What is ISM-1585?
Web browser security settings cannot be changed by users.
Background
This control restricts users from altering or customizing the security settings of their web browsers, encompassing configurations that establish security and privacy levels. It ensures that the browser’s security settings remain fixed and cannot be adjusted based on individual user preferences.
Applicability
This control is relevant to the following:
- Maturity Level 1, 2, and 3 Controls
Evaluation Results
Status | Description |
---|---|
Effective | Policies are enforced to prevent users from altering the settings. |
Ineffective | Policies are applied in a way that allows users to alter the settings |
Testing Parameters
The table below lists the required Group Policy settings or Registry hives that must exist if the web browsers is installed:
Policies/Description | Registry Key | Group Policy Setting |
---|---|---|
Microsoft Edge | HKCU or HKLM\Software\Policies\Microsoft\Edge | Computer Configuration or User Configuration\Policies\Administrative Templates\Microsoft Edge |
Google Chrome | HKCU or HKLM\Software\Policies\Google\Chrome | Computer Configuration or User Configuration\Policies\Administrative Templates\Google\Google Chrome |
Mozilla Firefox | HKCU or HKLM\Software\Policies\Mozilla\Firefox | Computer Configuration or User Configuration\Policies\Administrative Templates\Mozilla\FireFox |
Remediation Steps
Download and configure group policies for browsers where applicable:Browser | Description | Download |
---|---|---|
Microsoft Edge | Apply msedge.admx msedge.adml | Link |
Google Chrome | Download the Bundle for Chrome Browser and apply chrome.admx, chrome.adml | Link |
Mozilla Firefox | Apply firefox.admx, firefox.adml | Link |
Validation Process
Validation that the policy is correctly being applied on the end device.
Risk Consideration
Restricting browser security settings can improve an organization's security, but it limits users' ability to customize settings to meet personal security or privacy needs.