Detections
Analytics
AADC-CL-000285 - Adobe Acrobat Pro DC Classic access to websites must be blocked.
Information
PDF files can contain URLs that initiate connections to websites in order to share or get information. Any Internet access introduces a security risk as malicious websites can transfer harmful content or silently gather data.Solution
Configure the following registry value:Registry Hive:
HKEY_LOCAL_MACHINE
Registry Path:
\Software\Policies\Adobe\Adobe Acrobat\2015\FeatureLockDown\cDefaultLaunchURLPerms\
Value Name: iURLPerms
Type: REG_DWORD
Value: 1
The setting may be set to '0' if a documented risk acceptance approving the websites is approved by the ISSO/AO.
Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Classic > Preferences > Trust Manager > 'Access to websites' to 'Enabled' and select 'Block PDF files access to all web sites' in the drop down box. Select 'Custom setting' if needed and provide a documented risk acceptance approved by the ISSO/AO approving the websites.
This policy setting requires the installation of the AcrobatProDCClassic custom templates included with the STIG package. 'AcrobatProDCClassic.admx' and 'AcrobatProDCClassic.adml' must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Pro_DC_Classic_V2R1_STIG.zip
Item Details
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-7a., CAT|III, CCI|CCI-000381, Rule-ID|SV-213097r557504_rule, STIG-ID|AADC-CL-000285, STIG-Legacy|SV-94823, STIG-Legacy|V-80119, Vuln-ID|V-213097
Plugin: Windows
Control ID: f19b021f93facfb3b59adbed414a89e42866b8b7847eadc29462567f86917f12