Title

Google Data Synchronization must be disabled. (Cat II impact)

Discussion

Disables data synchronization in Google Chrome using Google-hosted synchronization services and prevents users from changing this setting. If you enable this setting, users cannot change or override this setting in Google Chrome. If this policy is left not set the user will be able to enable Google Sync. Google Sync is used to sync information between different user devices, this data is then stored on Google owned servers. The synced data may consist of information such as email, calendars, viewing history, etc. This feature must be disabled because the organization does not have control over the servers the data is stored on.

Check Content

Universal method: 1. In the omnibox (address bar) type chrome://policy 2. If SyncDisabled is not displayed under the Policy Name column or it is not set to true under the Policy Value column, then this is a finding. Windows method: 1. Start regedit 2. Navigate to HKLM\Software\Policies\Google\Chrome\ 3. If the SyncDisabled value name does not exist or its value data is not set to 1, then this is a finding.

Fix Text

Windows group policy: 1. Open the group policy editor tool with gpedit.msc 2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\ Policy Name: Disable synchronization of data with Google Policy State: Enabled Policy Value: N/A

Additional Identifiers

Rule ID: SV-221571r879540_rule

Vulnerability ID: V-221571

Group Title: SRG-APP-000047

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.