The Center for Internet Security (CIS) has released the CIS Benchmark 1.0 for Google ChromeOS. This benchmark provides independent recommendations on which ChromeOS policies to configure to help support organizations' security and compliance needs. Thanks to ChromeOS being built with security at its core, in many cases, ChromeOS default settings are aligned with CIS recommendations.
While ChromeOS is secure by default, it also prides itself on providing customizations for enterprises to allow ChromeOS to better fit the needs of their business. And with over 600 hundred policies available through ChromeOS device management, it puts control in the hands of IT. The CIS guide is a helpful tool to help navigate policies more easily.
Throughout the CIS guide you’ll notice that there are different designations for configuration profiles. Any labeled Level 1 (L1), are intended to be a starting baseline for many organizations. Level 2 (L2) profiles are recommended for deployments that require the highest level of security, but note that these settings could have a trade off on usability. It is recommended to look at each setting and determine if it’s a good fit for your business.
The benchmark is made up of four sections:
* **Directory:** The Directory section of the Google admin console and recommended policy configurations.
* **Chrome:** Details security policy recommendations for User & Browser settings, ChromeOS device settings and ChromeOS managed guest session settings.
* **Apps:** Security recommendations for application settings on ChromeOS devices.
* **Rules:** Contains settings that can help prevent data loss and protect your organization’s data.
Organizations can use these benchmarks to optimize the best way to secure ChromeOS in their environment. Download the CIS Benchmark [here](link).
**Note:** This CIS Benchmark™ was created using a consensus review process, comprised of a global community of subject matter experts. The process combines real world experience with data-based information to create technology specific guidance to assist users to secure their environments. Consensus participants provide perspective from a diverse set of backgrounds including consulting, software development, audit and compliance, security research, operations, government, and legal.
