Details

PDF files can contain URLs that initiate connections to websites in order to share or get information. Any Internet access introduces a security risk as malicious websites can transfer harmful content or silently gather data.

Solution

Configure the following registry value:

Registry Hive:
HKEY_LOCAL_MACHINE
Registry Path:
SoftwarePoliciesAdobeAdobe Acrobat2015FeatureLockDowncDefaultLaunchURLPerms

Value Name: iURLPerms
Type: REG_DWORD
Value: 1

The setting may be set to ‘0’ if a documented risk acceptance approving the websites is approved by the ISSO/AO.

Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Classic > Preferences > Trust Manager > ‘Access to websites’ to ‘Enabled’ and select ‘Block PDF files access to all web sites’ in the drop down box. Select ‘Custom setting’ if needed and provide a documented risk acceptance approved by the ISSO/AO approving the websites.

This policy setting requires the installation of the AcrobatProDCClassic custom templates included with the STIG package. ‘AcrobatProDCClassic.admx’ and ‘AcrobatProDCClassic.adml’ must be copied to the WindowsPolicyDefinitions and WindowsPolicyDefinitionsen-US directories respectively.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Pro_DC_Classic_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|III
• CCI|CCI-000381
• Rule-ID|SV-213097r557504_rule
• STIG-ID|AADC-CL-000285
• STIG-Legacy|SV-94823
• STIG-Legacy|V-80119
• Vuln-ID|V-213097

Source

• Tenable.com/audits