ARDC-CL-000335 – Adobe Reader DC must disable periodical uploading of Adobe certificates.

Details

By default, the user can update Adobe certificates from an Adobe server through the GUI.

When uploading Adobe certificates is disabled, it prevents the automatic download and installation of certificates and disables and locks the end user’s ability to upload those certificates.

Solution

Configure the following registry value:

Note: The Key Names ‘cDigSig’ and ‘cAdobeDownload’ are not created by default in the Adobe Reader DC install and must be created.

Registry Hive: HKEY_CURRENT_USER
Registry Path: SoftwareAdobeAcrobat Reader2015SecuritycDigSigcAdobeDownload

Value Name: bLoadSettingsFromURL
Type: REG_DWORD
Value: 0

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Reader_DC_Classic_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-23(5)
CAT|III
CCI|CCI-002470
Rule-ID|SV-213164r557349_rule
STIG-ID|ARDC-CL-000335
STIG-Legacy|SV-80299
STIG-Legacy|V-65809
Vuln-ID|V-213164

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles