The 25 Chrome Enterprise security checks Black Cat runs
Black Cat SSPM evaluates 25 security policies against your Chrome Enterprise configuration on every scan, classifies each finding by risk, and provides remediation steps. Below is the full list, grouped by category.
access control
Configure download restrictions in Chrome Enterprise to block dangerous file types
Disable Incognito Mode in Chrome Enterprise to ensure browsing activity is logged
Review Chrome extensions requesting more than 10 permissions and consider blocking or replacing them
asset management
Decommission or re-enroll Chrome browsers that have been inactive for 90 or more days
Review and clean up Chrome browser enrollments that have been inactive for 30 or more days
Remove stale extension catalog entries that have zero active installations
Investigate and resolve the condition causing Chrome to flag the browser as needing attention
configuration
Restrict Chrome browser channel to stable in Chrome Enterprise settings
Upgrade browsers running on Windows 10 to Windows 11 as Windows 10 reached end of support
Prioritize updating outdated Chrome versions that are deployed on more than 100 devices
Investigate telemetry devices not reporting OS version to restore patch compliance visibility
Investigate enrolled browsers not reporting their version to restore update compliance visibility
credential management
Enable Chrome built-in Password Manager or ensure an approved enterprise password manager is deployed
device trust
Review and restrict Chrome extensions with risky permissions deployed to more than 50 devices
Upgrade or decommission Chrome-managed devices still running end-of-life Windows versions
Review admin-pushed Chrome extensions that carry high-risk permissions and cannot be removed by users
Evaluate and either formally approve or block non-managed extensions installed on more than 100 devices
Upgrade devices reported via Chrome telemetry that are running end-of-support operating systems
encryption
Enable disk encryption on all Chrome Enterprise managed devices
governance
Review and action Chrome extension requests that have been pending for more than 7 days
patch management
Update Chrome browser to the latest stable version on affected devices
policy enforcement
Assign all enrolled Chrome browsers to an appropriate organisational unit so they receive managed policies
software management
Remove sideloaded extensions and enforce extension installation policy in Chrome Enterprise
Block or remove Chrome extensions with risky permissions from managed devices
threat protection
Enable Safe Browsing in Chrome Enterprise to protect users from malicious sites and downloads