UCF STIG Viewer Logo

Adobe Reader DC must Block Websites.


Finding ID Version Rule ID IA Controls Severity
V-65767 ARDC-CL-000025 SV-80257r2_rule Medium
Clicking any link to the Internet poses a potential security risk. Malicious websites can transfer harmful content or silently gather data. Acrobat Reader documents can connect to websites which can pose a potential threat to DoD systems and that functionality must be blocked. However, PDF document workflows that are trusted (e.g., DoD-created) can benefit from leveraging legitimate website access with minimal risk. Therefore, the ISSO may approve of website access and accept the risk if the access provides benefit and is a trusted site or the risk associated with accessing the site has been mitigated. Adobe Reader must block access to all websites that are not specifically allowed by ISSO risk acceptance. Satisfies: SRG-APP-000112, SRG-APP-000206, SRG-APP-000207, SRG-APP-000209, SRG-APP-000210
Adobe Acrobat Reader DC Classic Track Security Technical Implementation Guide 2019-07-01


Check Text ( C-66449r4_chk )
Verify the following registry configuration:

Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown\cDefaultLaunchURLPerms

Value Name: iURLPerms


Value: 1

Value: 0 – only with a documented ISSO risk acceptance

If the value for iURLPerms is set to “0” and a documented ISSO risk acceptance approving access to the websites is provided, this is not a finding.

If the value for “iURLPerms” is not set to “1” and “Type” configured to “REG_DWORD” or does not exist, this is a finding.
Fix Text (F-71837r2_fix)
Configure the following registry value:

Registry Path:
\Software\Policies\Adobe\Acrobat Reader\2015\FeatureLockDown\cDefaultLaunchURLPerms

Value Name: iURLPerms
Value: 1

If configuring the system to allow access to websites, obtain documented ISSO approvals and risk acceptance and set “iURLPerms” to “0”.