Check: ARDC-CN-000075
Adobe Acrobat Reader DC Continuous Track STIG:
ARDC-CN-000075
(in versions v2 r1 through v1 r2)
Title
Adobe Reader DC must disable 3rd Party Web Connectors. (Cat II impact)
Discussion
When 3rd Party Web Connectors are disabled it prevents the configuration of Adobe Reader DC access to third party services for file storage.
Check Content
Verify the following registry configuration: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Type: REG_DWORD Value: 1 If the value for bToggleWebConnectors is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Type: REG_DWORD Value: 1
Additional Identifiers
Rule ID: SV-213181r395853_rule
Vulnerability ID: V-213181
Group Title: SRG-APP-000141
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |