ISM-1585 – Technical Resolution Guidance

What is ISM-1585?

Web browser security settings cannot be changed by users.

Background

This control restricts users from altering or customizing the security settings of their web browsers, encompassing configurations that establish security and privacy levels. It ensures that the browser’s security settings remain fixed and cannot be adjusted based on individual user preferences.

Applicability

This control is relevant to the following:

  • Maturity Level 1, 2, and 3 Controls

Evaluation Results

| Status | Description |
|---|---|
| Effective | Policies are enforced to prevent users from altering the settings. |
| Ineffective | Policies are applied in a way that allows users to alter the settings. |

Testing Parameters

The table below lists the required Group Policy settings or Registry hives that must exist if the web browser is installed:

| Policies/Description | Registry Key | Group Policy Setting |
|---|---|---|
| Microsoft Edge | HKCU or HKLM\Software\Policies\Microsoft\Edge | Computer Configuration or User Configuration\Policies\Administrative Templates\Microsoft Edge |
| Google Chrome | HKCU or HKLM\Software\Policies\Google\Chrome | Computer Configuration or User Configuration\Policies\Administrative Templates\Google\Google Chrome |
| Mozilla Firefox | HKCU or HKLM\Software\Policies\Mozilla\Firefox | Computer Configuration or User Configuration\Policies\Administrative Templates\Mozilla\Firefox |

Remediation Steps

Download and configure group policies for browsers where applicable:

| Browser | Description | Download |
|---|---|---|
| Microsoft Edge | Apply msedge.admx, msedge.adml | Link |
| Google Chrome | Download the Bundle for Chrome Browser and apply chrome.admx, chrome.adml | Link |
| Mozilla Firefox | Apply firefox.admx, firefox.adml | Link |

Validation Process

Validate that the policy is correctly applied on the end device.
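
One way to run this validation on an endpoint, as an added example that is not part of the original guidance: the script checks the registry keys from the Testing Parameters table for each installed browser. It assumes a browser is installed when its executable is registered under the App Paths key, and it counts values under a `Recommended` subkey separately because Edge and Chrome let users change those; neither assumption comes from the guidance itself.

```powershell
# Registry paths are taken from the Testing Parameters table.
$browsers = @(
    @{ Name = 'Microsoft Edge';  Exe = 'msedge.exe';  Policy = 'Software\Policies\Microsoft\Edge' },
    @{ Name = 'Google Chrome';   Exe = 'chrome.exe';  Policy = 'Software\Policies\Google\Chrome' },
    @{ Name = 'Mozilla Firefox'; Exe = 'firefox.exe'; Policy = 'Software\Policies\Mozilla\Firefox' }
)
# Assumption: a browser is "installed" when its executable is registered here.
$appPaths = 'Software\Microsoft\Windows\CurrentVersion\App Paths'

function Get-PolicyValueCount {
    param([string]$Path)
    # Counts registry values under $Path, split into enforced and recommended.
    $out = [pscustomobject]@{ Enforced = 0; Recommended = 0 }
    if (-not (Test-Path -LiteralPath $Path)) { return $out }
    $keys = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)
    foreach ($k in $keys) {
        # Edge and Chrome treat values under a "Recommended" subkey as
        # defaults that the user may still change.
        if ($k.Name -match '\\Recommended(\\|$)') { $out.Recommended += $k.ValueCount }
        else { $out.Enforced += $k.ValueCount }
    }
    return $out
}

$results = foreach ($b in $browsers) {
    $installed = (Test-Path "HKLM:\$appPaths\$($b.Exe)") -or
                 (Test-Path "HKCU:\$appPaths\$($b.Exe)")
    if (-not $installed) { continue }   # only installed browsers are in scope
    $hklm = Get-PolicyValueCount "HKLM:\$($b.Policy)"
    $hkcu = Get-PolicyValueCount "HKCU:\$($b.Policy)"
    [pscustomobject]@{
        Browser           = $b.Name
        EnforcedValues    = $hklm.Enforced + $hkcu.Enforced
        RecommendedValues = $hklm.Recommended + $hkcu.Recommended
        PolicyPresent     = ($hklm.Enforced + $hkcu.Enforced) -gt 0
    }
}
$results | Format-Table -AutoSize
# A non-zero exit code lets a compliance job flag the device.
if (@($results | Where-Object { -not $_.PolicyPresent }).Count -gt 0) { exit 1 }
```

`PolicyPresent` confirms only that enforced policy values exist under the listed keys; it does not judge which individual settings are configured.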

Risk Consideration

Restricting browser security settings can improve an organization's security, but it limits users' ability to customize settings to meet personal security or privacy needs.