Details

PDF files can contain URLs that initiate connections to websites in order to share or get information. Any Internet access introduces a security risk as malicious websites can transfer harmful content or silently gather data.

Solution

Configure the following registry value:

Registry Hive:
HKEY_LOCAL_MACHINE
Registry Path:
SoftwarePoliciesAdobeAdobe AcrobatDCFeatureLockDowncDefaultLaunchURLPerms

Value Name: iURLPerms
Type: REG_DWORD
Value: 1

The setting may be set to ‘0’ if a documented risk acceptance approving the websites is approved by the ISSO/AO.

Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Trust Manager > ‘Access to websites’ to ‘Enabled’ and select ‘Block PDF files access to all web sites’ in the drop down box. Select ‘Custom setting’ if needed and provide a documented risk acceptance approved by the ISSO/AO approving the websites.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Pro_DC_Continuous_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Windows.

References

• 800-53|CM-7a.
• CAT|III
• CCI|CCI-000381
• Rule-ID|SV-213121r766523_rule
• STIG-ID|AADC-CN-000285
• STIG-Legacy|SV-94073
• STIG-Legacy|V-79367
• Vuln-ID|V-213121

Source

• Tenable.com/audits