Unable to run ANDI in Chrome with DISA STIGs v2r4 applied

[Abester45]

We applied DoD DISA STIGs hardening settings for Chrome v2r4 in our environment and ANDI no longer seems to works. When clicking on ANDI there is no response, no pop-up errors/prompts or warning messages displayed. ANDI is required by our 508 testers, what is the workaround to allow ANDI to work with Chrome STIGs applied? I fear other goverment agencies employing STIG browser hardening for Chrome is facing similar issues with ANDI.

[jbelzjr]

We had the same issue at the U.S. EPA.   The DISA STIGS are preventing ANDI from starting.  ANDI starts by running a JavaScript Statement/Command.   The DISA STIGS are not allowing the JavaScript to run since it is calling an outside server (SSA).  The EPA has an exception group for ANDI users that allows for the JavaScript call to the SSA server.  ANDI runs properly for all Users in this group.  Note:  The STIG only appears to be affecting Chrome Users.  ANDI continues to run correctly for users of IE 11 or MS Edge.

Sent from the all new AOL app for iOS

On Monday, October 25, 2021, 2:39 PM, Abester45 @.***> wrote:

We applied DoD DISA STIGs hardening settings for Chrome v2r4 in our environment and ANDI no longer works/respinding. When clicking on ANDI i get no response, no pop-up errors/prompts or warning messages. ANDI is required by our 508 testers, what is the workaround to alloe ANDI to work with Chrome STIGs applied?

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

[Abester45]

We had the same issue at the U.S. EPA.   The DISA STIGS are preventing ANDI from starting.  ANDI starts by running a JavaScript Statement/Command.   The DISA STIGS are not allowing the JavaScript to run since it is calling an outside server (SSA).  The EPA has an exception group for ANDI users that allows for the JavaScript call to the SSA server.  ANDI runs properly for all Users in this group.  Note:  The STIG only appears to be affecting Chrome Users.  ANDI continues to run correctly for users of IE 11 or MS Edge. Sent from the all new AOL app for iOS On Monday, October 25, 2021, 2:39 PM, Abester45 @.***> wrote: We applied DoD DISA STIGs hardening settings for Chrome v2r4 in our environment and ANDI no longer works/respinding. When clicking on ANDI i get no response, no pop-up errors/prompts or warning messages. ANDI is required by our 508 testers, what is the workaround to alloe ANDI to work with Chrome STIGs applied? — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

Hi Jbelzjr,

Can you please share the GPO exception setting put in place to allow ANDI to run, would be greatly appreciated.

[Abester45]

@SSAgovAdmin are you aware of any exception settings needed for ANDI to run properly with DISA STIGs applied in Chrome browser? Are there Java application dependencies that need to be allowed in group policy or a SSA server call out setting that needs to be added in firewall?

[Abester45]

Any updates?

[jbeatty2]

I am also interested in this information.

If you still have access to the Developer Tools in the browser, the following procedure may provide a temporary work-around to be able to launch ANDI:

1. Install ANDI on the bookmarks bar (if you have not already done so). a. Follow the instructions at https://www.ssa.gov/accessibility/andi/help/install.html.
2. Create an ANDI snippet a. On your computer, open Chrome. b. Press Ctrl + Shift + j on your keyboard to open the Developer Tools. c. Click on the Sources tab to open the Sources panel. d. Click the Snippets tab to open the Snippets pane. You might need to click More Tabs in order to access the Snippets option. e. Click New snippet to create a new snippet. f. Right-click it and select Rename... to rename it. g. Type ANDI and then press Enter. h. Drag and drop the ANDI bookmarklet from the bookmarklet bar into the Code Editor pane. i. Press Cntrl + Enter on your keyboard, to save the ANDI snippet and run it.
3. Any time you want to launch ANDI to evaluate a webpage a. Press Ctrl + Shift + j on your keyboard to open the Developer Tools. b. Click on the Sources tab to open the Sources panel. c. Click the Snippets tab to open the Snippets pane. You might need to click More Tabs in order to access the Snippets option. d. Right-click on ANDI snippet and select Run to launch ANDI. e. When you want to launch ANDI again after moving to a new webpage, right-click on the ANDI snippet and select Run.