AADC-CL-000280 - Adobe Acrobat Pro DC Classic access to unknown websites must be restricted.

Information

Acrobat provides the ability for the user to store a list of websites with an associated behavior of allow, ask, or block. Websites that are not in this list are unknown. PDF files can contain URLs that will initiate connections to unknown websites in order to share or get information. That access must be restricted.

Solution

Configure the following registry value:

Registry Hive:
HKEY_LOCAL_MACHINE
Registry Path:
\Software\Policies\Adobe\Adobe Acrobat\2015\FeatureLockDown\cDefaultLaunchURLPerms\

Value Name: iUnknownURLPerms
Type: REG_DWORD
Value: 3

Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Classic > Preferences > Trust Manager > 'Access to unknown websites' to 'Enabled' and select 'Block access' in the drop down box.

This policy setting requires the installation of the AcrobatProDCClassic custom templates included with the STIG package. 'AcrobatProDCClassic.admx' and 'AcrobatProDCClassic.adml' must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Pro_DC_Classic_V2R1_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|III, CCI|CCI-000381, Rule-ID|SV-213096r557504_rule, STIG-ID|AADC-CL-000280, STIG-Legacy|SV-94821, STIG-Legacy|V-80117, Vuln-ID|V-213096

Plugin: Windows

Control ID: 7b7018582741ba89e9eefdc9d24bd49d2fffce0871d1671d9860c870d3bf65bf