Check: ADBP-XI-000990
Adobe Acrobat Pro XI STIG:
ADBP-XI-000990
(in versions v1 r2 through v1 r1)
Title
Adobe Acrobat Pro XI periodic downloading of Adobe European certificates must be disabled. (Cat III impact)
Discussion
By default, the user can update Adobe European certificates from an Adobe server through the GUI. When updating Adobe European certificates is disabled, it prevents the automatic download and installation of certificates and disables and locks the end user's ability to download those certificates.
Check Content
Verify the following registry configuration: Note: The Key Names "cDigSig" and "cEUTLDownload" are not created by default in the Acrobat Pro XI install and must be created. Using the Registry Editor, navigate to the following: HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\11.0\Security\cDigSig\cEUTLDownload Value Name: bLoadSettingsFromURL Type: REG_DWORD Value: 0 If the value for bLoadSettingsFromURL is not set to “0” and Type is not configured to REG_DWORD or does not exist, this is a finding.
Fix Text
Configure the following registry value: Note: The Key Names "cDigSig" and "cEUTLDownload" are not created by default in the Acrobat Pro XI install and must be created. Registry Hive: HKEY_CURRENT_USER Registry Path: \Software\Adobe\Adobe Acrobat\11.0\Security\cDigSig\cEUTLDownload Value Name: bLoadSettingsFromURL Type: REG_DWORD Value: 0
Additional Identifiers
Rule ID: SV-89961r1_rule
Vulnerability ID: V-75281
Group Title: SRG-APP-000427
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-002470 |
The information system only allows the use of organization-defined certificate authorities for verification of the establishment of protected sessions. |
Controls
Number | Title |
---|---|
SC-23 (5) |
Allowed Certificate Authorities |