DTBC-0002 - Site tracking users location must be disabled.

Details

Website tracking is the practice of gathering information as to which websites were accesses by a browser. The common method of doing this is to have a website create a tracking cookie on the browser. If the information of what sites are being accessed is made available to unauthorized persons, this violates confidentiality requirements, and over time poses a significant OPSEC issue. This policy setting allows you to set whether websites are allowed to track the user's physical location. Tracking the user's physical location can be allowed by default, denied by default or the user can be asked every time a website requests the physical location.


1 = Allow sites to track the user's physical location


2 = Do not allow any site to track the user's physical location


3 = Ask whenever a site wants to track the user's physical location


Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings\
Policy Name: Default geolocation setting
Policy State: Enabled
Policy Value: Do not allow any site to track the users' physical location


Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.


References


Source