ADBP-XI-001320 – Adobe Acrobat Pro XI Periodic downloading of Adobe certificates must be disabled.

Details

By default, the user can update Adobe certificates from an Adobe server through the GUI.

When updating Adobe certificates is disabled, it prevents the automatic download and installation of certificates and disables and locks the end user’s ability to download those certificates.

Solution

Verify the following registry configuration:

Note: The Key Names cDigSig and cAdobeDownload are not created by default in the Acrobat Pro XI install and must be created.

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path: SoftwarePoliciesAdobeAdobe Acrobat11.0FeatureLockDowncDigSigcAdobeDownload

Value Name: bLoadSettingsFromURL
Type: REG_DWORD
Value: 0

Supportive Information

The following resource is also helpful.

https://iasecontent.disa.mil/stigs/zip/U_Adobe_Acrobat_Pro_XI_V1R2_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-23(5)
CAT|III
CCI|CCI-002470
Rule-ID|SV-89983r1_rule
STIG-ID|ADBP-XI-001320
Vuln-ID|V-75303

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles