Details

Adobe Acrobat Pro DC provides the ability to store PDF files on Adobe.com servers. Allowing users to store files on non-DoD systems introduces risk of data compromise.

Solution

Configure the following registry value:

Note: The Key Name ‘cCloud’ is not created by default in the Acrobat Pro DC install and must be created.

Registry Hive:
HKEY_LOCAL_MACHINE
Registry Path:
SoftwarePoliciesAdobeAdobe Acrobat2015FeatureLockDowncCloud

Value Name: bDisableADCFileStore
Type: REG_DWORD
Value: 1

Configure the policy value for Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Classic > Preferences > ‘Store files on Adobe.com’ to ‘Disabled’.

This policy setting requires the installation of the AcrobatProDCClassic custom templates included with the STIG package. ‘AcrobatProDCClassic.admx’ and ‘AcrobatProDCClassic.adml’ must be copied to the WindowsPolicyDefinitions and WindowsPolicyDefinitionsen-US directories respectively.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Pro_DC_Classic_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|II
• CCI|CCI-000381
• Rule-ID|SV-213107r557504_rule
• STIG-ID|AADC-CL-001285
• STIG-Legacy|SV-94843
• STIG-Legacy|V-80139
• Vuln-ID|V-213107

Source

• Tenable.com/audits