Check: ADBP-XI-001335
Adobe Acrobat Pro XI STIG:
ADBP-XI-001335
(in versions v1 r2 through v1 r1)
Title
Adobe Acrobat Pro XI certified document trust must be disabled. (Cat II impact)
Discussion
Certified document trust elevates signed PDF files to a privileged location and bypasses privileged view security protections. Disabling certified documents disables and locks the end user's ability to elevate certified documents as a privileged location.
Check Content
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown Value Name: bEnableCertificateBasedTrust Type: REG_DWORD Value: 0 If the value for bEnableCertificateBasedTrust is not set to “0” and Type is not configured to REG_DWORD or does not exist, this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\11.0\FeatureLockDown Value Name: bEnableCertificateBasedTrust Type: REG_DWORD Value: 0
Additional Identifiers
Rule ID: SV-89977r1_rule
Vulnerability ID: V-75297
Group Title: SRG-APP-000380
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001813 |
The information system enforces access restrictions. |
Controls
Number | Title |
---|---|
CM-5 (1) |
Automated Access Enforcement / Auditing |