New benchmarks for securing ChromeOS from the Center for Internet Security
Daniel Christopher
Chrome Enterprise Customer Engineer, Google
As the way people work continues to evolve, keeping security policies in place that protect organizations but give workers the ability to get things done, wherever work happens, is more important than ever. IT and security teams must aim to stay a step ahead of web-based security threats that come their organization’s way. To help, the Center for Internet Security (CIS) team has released the CIS Benchmark 1.0 for Google ChromeOS. This Benchmark offers independent recommendations on which ChromeOS policies to configure to help support organizations’ security and compliance needs. Thanks to ChromeOS being built with security at its core, in many cases, ChromeOS default settings are aligned with CIS recommendations.
ChromeOS is secure by default, but we also pride ourselves on providing customizations for enterprises to allow ChromeOS to better fit the needs of their business. And with over 600 hundred policies available through ChromeOS device management, we put control in the hands of IT. The CIS guide is a helpful tool to help navigate policies more easily.
Throughout the CIS guide you’ll notice that there are different designations for configuration profiles. Any labeled Level 1 (L1), are intended to be a starting baseline for many organizations. Level 2 (L2) profiles are recommended for deployments that require the highest level of security, but note that these settings could have a trade off on usability. We recommend looking at each setting and determining if it’s a good fit for your business.
The benchmark is made up of four sections:
- Directory: The Directory section of the Google admin console and recommended policy configurations.
- Chrome: Details security policy recommendations for User & Browser settings, ChromeOS device settings and ChromeOS managed guest session settings.
- Apps: Security recommendations for application settings on ChromeOS devices.
- Rules: Contains settings that can help prevent data loss and protect your organization’s data.
Organizations can use these benchmarks to optimize the best way to secure ChromeOS in their environment. Download the CIS Benchmark here.
Note: This CIS Benchmark™ was created using a consensus review process, comprised of a global community of subject matter experts. The process combines real world experience with data-based information to create technology specific guidance to assist users to secure their environments. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, operations, government, and legal.