This checklist translates the DISA STIG guidance into actionable steps to harden Adobe Acrobat Pro DC in Windows environments. It’s intended for IT staff, system administrators, and security practitioners who manage Acrobat deployments and need to apply GPO/Intune policies and validate configuration.
- Download STIG resources — Gather DISA-authorized STIG files before configuring systems.
- Download SCAP 1.3 content for Acrobat Pro DC — Get the SCAP content (DISA) matching Ver 2, Rel 1 for automated scanning.
- Download standalone XCCDF benchmark for the STIG — Obtain the XCCDF 1.1.4 file to drive compliance checks and scanners.
- Download latest GPO and Intune policy packages — Fetch the GPOs and Intune policies from DISA to apply recommended settings.
- Verify Acrobat Pro DC version and installation type — Confirm continuous-track build and whether install is default or custom.
- Backup current Acrobat configuration and create a system restore point — Save registry/app settings to revert if hardening breaks functionality.
- Apply latest Acrobat updates and security patches — Install vendor patches before making configuration changes.
- Disable JavaScript in Acrobat — Turn off or restrict JavaScript execution to reduce attack surface.
- Enable Protected View for files from potentially unsafe locations — Set Protected View to open untrusted files in a sandboxed reader.
- Enable Protected Mode (sandbox) for Acrobat — Ensure the process sandbox is active to limit file/process access.
- Disable or restrict embedded file execution and launch privileges — Prevent PDFs from launching external applications or embedded executables.
- Configure update settings to auto-check and install security updates — Set automatic updates or scheduled checks to maintain patch currency.
- Apply Group Policy Objects (GPOs) to managed systems — Import and link the downloaded GPOs to enforce STIG settings domain-wide.
- Import Intune policies to managed endpoints — Deploy Intune policy packages for cloud-managed devices.
- Test all changes in a representative test environment — Validate functionality and user workflows before wide deployment.
- Document configuration changes, versions, and implementation notes — Record applied settings, timestamps, and rollback steps for audits.
- Subscribe to DISA and vendor security update feeds and monitor CVEs — Track advisories to update policies and address new vulnerabilities.
- Send feedback or change requests to DISA — Email DISA Field Security Operations at [email protected] with comments.
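
A read-only PowerShell audit for the configuration steps above (JavaScript, Protected View, Protected Mode, attachment launching), added here as an example and not taken from DISA's GPO or SCAP packages. The registry path and value names are Adobe's policy preferences for the Continuous track; the expected data are assumptions drawn from this checklist's wording and should be confirmed against the downloaded XCCDF benchmark.

```powershell
# Added example: read-only audit of Acrobat Pro DC lockdown policy values.
# Assumptions: Continuous track ("DC") policy hive below; expected data are
# inferred from this checklist's wording. Confirm both against the XCCDF
# benchmark downloaded in the first steps.
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown'

# iProtectedView: 1 = files from potentially unsafe locations, 2 = all files.
$Checks = @(
    @{ Step = 'Disable JavaScript';         Name = 'bDisableJavaScript';   Want = '1';      Test = { param($v) $v -eq 1 } }
    @{ Step = 'Protected View';             Name = 'iProtectedView';       Want = '1 or 2'; Test = { param($v) $v -in 1, 2 } }
    @{ Step = 'Protected Mode (sandbox)';   Name = 'bProtectedMode';       Want = '1';      Test = { param($v) $v -eq 1 } }
    @{ Step = 'Block attachment launching'; Name = 'iFileAttachmentPerms'; Want = '1';      Test = { param($v) $v -eq 1 } }
)

function Test-AcrobatPolicy {
    param([string]$Path, [hashtable[]]$Checks)
    foreach ($c in $Checks) {
        # A missing value means the setting is not enforced by policy and the
        # user can still change it in the UI, so it is reported as MISSING
        # rather than FAIL.
        $prop   = Get-ItemProperty -Path $Path -Name $c.Name -ErrorAction SilentlyContinue
        $actual = if ($null -ne $prop) { $prop.($c.Name) } else { $null }
        $status = if ($null -eq $actual) { 'MISSING' } elseif (& $c.Test $actual) { 'PASS' } else { 'FAIL' }
        [pscustomobject]@{
            Step     = $c.Step
            Value    = $c.Name
            Expected = $c.Want
            Actual   = $actual
            Status   = $status
        }
    }
}

$results = Test-AcrobatPolicy -Path $PolicyPath -Checks $Checks
$results | Format-Table -AutoSize

# Summarise anything that is not enforced so it can go into the change record.
$open = @($results | Where-Object Status -ne 'PASS')
if ($open.Count -gt 0) { Write-Warning "$($open.Count) setting(s) not enforced by policy." }
```

Run it before and after applying the GPO or Intune package and keep both outputs with the documentation step's records.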