I - Mission Critical Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000112

    Group
  • Adobe Acrobat Pro DC Continuous Enhanced Security for browser mode must be enabled.

    Enhanced Security (ES) is a sandbox capability that restricts access to system resources and prevents PDF cross domain access. ES can be configured in two modes: Standalone mode is when Acrobat ope...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Adobe Acrobat Pro DC Continuous PDF file attachments must be blocked.

    Acrobat Pro allows for files to be attached to PDF documents. Attachments represent a potential security risk because they can contain malicious content, open other dangerous files, or launch appli...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • Adobe Acrobat Pro DC Continuous access to unknown websites must be restricted.

    Acrobat provides the ability for the user to store a list of websites with an associated behavior of allow, ask, or block. Websites that are not in this list are unknown. PDF files can contain URLs...
    Rule Low Severity
  • SRG-APP-000141

    Group
  • Adobe Acrobat Pro DC Continuous access to websites must be blocked.

    PDF files can contain URLs that initiate connections to websites in order to share or get information. Any Internet access introduces a security risk as malicious websites can transfer harmful cont...
    Rule Low Severity
  • SRG-APP-000141

    Group
  • Adobe Acrobat Pro DC Continuous must be configured to block Flash Content.

    Flash has a long history of vulnerabilities. Although Flash is no longer provided with Acrobat, if the system has Flash installed, a malicious PDF could execute code on the system. Configuring Fl...
    Rule Medium Severity
  • SRG-APP-000141

    Group
  • The Adobe Acrobat Pro DC Continuous Send and Track plugin for Outlook must be disabled.

    When enabled, the Adobe Send and Track button appears in Outlook. When an email is composed it enables the ability to send large files as public links through Outlook. The attached files can be upl...
    Rule Medium Severity
  • SRG-APP-000380

    Group
  • Adobe Acrobat Pro DC Continuous privileged file and folder locations must be disabled.

    Privileged Locations are the primary method Acrobat uses to allow users and admins to specify trusted content that should be exempt from security restrictions, such as when Enhanced Security is ena...
    Rule Medium Severity
  • SRG-APP-000427

    Group
  • Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.

    By default, the user can update Adobe European certificates from an Adobe server through the GUI. When updating Adobe European certificates is disabled, it prevents the automatic download and ins...
    Rule Low Severity
  • SRG-APP-000431

    Group
  • Adobe Acrobat Pro DC Continuous Protected Mode must be enabled.

    Protected Mode is a “sandbox” that is essentially a read-only mode. When enabled, Acrobat allows the execution environment of untrusted PDFs and the processes the PDF may invoke but also presumes...
    Rule Medium Severity
  • SRG-APP-000431

    Group
  • Adobe Acrobat Pro DC Continuous Protected View must be enabled.

    Protected View is a “super-sandbox” that is essentially a read-only mode. When enabled, Acrobat strictly confines the execution environment of untrusted PDFs and the processes the PDF may invoke. ...
    Rule Medium Severity
