ARDC-CL-000025 - Adobe Reader DC must Block Websites.

Information

Clicking any link to the Internet poses a potential security risk. Malicious websites can transfer harmful content or silently gather data. Acrobat Reader documents can connect to websites which can pose a potential threat to DoD systems and that functionality must be blocked. However, PDF document workflows that are trusted (e.g., DoD-created) can benefit from leveraging legitimate website access with minimal risk. Therefore, the ISSO may approve of website access and accept the risk if the access provides benefit and is a trusted site or the risk associated with accessing the site has been mitigated.

Adobe Reader must block access to all websites that are not specifically allowed by ISSO risk acceptance.

Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210

Solution

Configure the following registry value:

Registry Hive: HKEY_LOCAL_MACHINE
Registry Path:
\Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown\cDefaultLaunchURLPerms

Value Name: iURLPerms
Type: REG_DWORD
Value: 1

If configuring the system to allow access to websites, obtain documented ISSO approvals and risk acceptance and set 'iURLPerms' to '0'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Adobe_Acrobat_Reader_DC_Classic_Track_V1R5_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18, CAT|II, CCI|CCI-001166, CCI|CCI-001169, CCI|CCI-001170, CCI|CCI-001662, CCI|CCI-001695, Rule-ID|SV-80257r2_rule, STIG-ID|ARDC-CL-000025, Vuln-ID|V-65767

Plugin: Windows

Control ID: 5505ba1eb843edd08913395857eafabdd5cccef7ac9c2f1681784845fb66cdbf