STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 6 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Adobe Acrobat Professional DC Classic Track Security Technical Implementation Guide

V-213097

CAT III (Low)

Adobe Acrobat Pro DC Classic access to websites must be blocked.

Rule ID

SV-213097r557504_rule

STIG

Adobe Acrobat Professional DC Classic Track Security Technical Implementation Guide

Version

V2R1

CCIs

None

Discussion

PDF files can contain URLs that initiate connections to websites in order to share or get information. Any Internet access introduces a security risk as malicious websites can transfer harmful content or silently gather data.

Check Content

Verify the following registry configuration:

Utilizing the Registry Editor, navigate to the following:
HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\2015\FeatureLockDown\cDefaultLaunchURLPerms\

Value Name: iURLPerms
Type: REG_DWORD
Value: 1

If the value for iURLPerms is not set to "1" and Type is not configured to REG_DWORD or does not exist, this is a finding.

Setting the value for iURLPerms to "0" means that a custom settings has been selected.  Custom setting allows for specific websites to be used for PDF workflows.  These websites must be approved by the ISSO/AO otherwise the setting must be "1" which blocks access to all websites.  If the iURLPerms setting is "0" and a documented risk acceptance approving the websites is provided, this is not a finding.

GUI path: Edit > Preferences > Trust Manager > In the 'Internet Access from PDF Files outside the web browser' section > Select 'Change Settings' option > In the 'PDF Files may connect to web sites to share or get information' section > Verify the radio button 'Block PDF files access to all web sites' is selected and greyed out (locked).    If 'Custom setting' is checked, a documented risk acceptance approved by the ISSO/AO approving the websites must be provided and then this is not a finding. 

Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Classic > Preferences > Trust Manager > 'Access to websites' must be set to 'Enabled' and 'Block PDF files access to all web sites' selected in the drop down box. If 'Custom setting' is selected, a documented risk acceptance approved by the ISSO/AO approving the websites must be provided and then this is not a finding. 

This policy setting requires the installation of the AcrobatProDCClassic custom templates included with the STIG package. "AcrobatProDCClassic.admx" and "AcrobatProDCClassic.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.

Fix Text

Configure the following registry value:

Registry Hive:
HKEY_LOCAL_MACHINE
Registry Path:
\Software\Policies\Adobe\Adobe Acrobat\2015\FeatureLockDown\cDefaultLaunchURLPerms\

Value Name: iURLPerms
Type: REG_DWORD
Value: 1

The setting may be set to "0" if a documented risk acceptance approving the websites is approved by the ISSO/AO.

Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Classic > Preferences > Trust Manager > 'Access to websites' to 'Enabled' and select 'Block PDF files access to all web sites' in the drop down box.  Select 'Custom setting' if needed and provide a documented risk acceptance approved by the ISSO/AO approving the websites. 

This policy setting requires the installation of the AcrobatProDCClassic custom templates included with the STIG package. "AcrobatProDCClassic.admx" and "AcrobatProDCClassic.adml" must be copied to the \Windows\PolicyDefinitions and \Windows\PolicyDefinitions\en-US directories respectively.