Skip to content

II - Mission Support Public

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000112

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous Enhanced Security for browser mode must be enabled.

    &lt;VulnDiscussion&gt;Enhanced Security (ES) is a sandbox capability that restricts access to system resources and prevents PDF cross domain access...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous PDF file attachments must be blocked.

    &lt;VulnDiscussion&gt;Acrobat Pro allows for files to be attached to PDF documents. Attachments represent a potential security risk because they ca...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous access to unknown websites must be restricted.

    &lt;VulnDiscussion&gt;Acrobat provides the ability for the user to store a list of websites with an associated behavior of allow, ask, or block. We...
    Rule Low Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous access to websites must be blocked.

    &lt;VulnDiscussion&gt;PDF files can contain URLs that initiate connections to websites in order to share or get information. Any Internet access in...
    Rule Low Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous must be configured to block Flash Content.

    &lt;VulnDiscussion&gt;Flash has a long history of vulnerabilities. Although Flash is no longer provided with Acrobat, if the system has Flash inst...
    Rule Medium Severity
  • SRG-APP-000141

    <GroupDescription></GroupDescription>
    Group
  • The Adobe Acrobat Pro DC Continuous Send and Track plugin for Outlook must be disabled.

    &lt;VulnDiscussion&gt;When enabled, the Adobe Send and Track button appears in Outlook. When an email is composed it enables the ability to send la...
    Rule Medium Severity
  • SRG-APP-000380

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous privileged file and folder locations must be disabled.

    &lt;VulnDiscussion&gt;Privileged Locations are the primary method Acrobat uses to allow users and admins to specify trusted content that should be ...
    Rule Medium Severity
  • SRG-APP-000427

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous periodic downloading of Adobe European certificates must be disabled.

    &lt;VulnDiscussion&gt;By default, the user can update Adobe European certificates from an Adobe server through the GUI. When updating Adobe Europ...
    Rule Low Severity
  • SRG-APP-000431

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous Protected Mode must be enabled.

    &lt;VulnDiscussion&gt;Protected Mode is a “sandbox” that is essentially a read-only mode. When enabled, Acrobat allows the execution environment o...
    Rule Medium Severity
  • SRG-APP-000431

    <GroupDescription></GroupDescription>
    Group
  • Adobe Acrobat Pro DC Continuous Protected View must be enabled.

    &lt;VulnDiscussion&gt;Protected View is a “super-sandbox” that is essentially a read-only mode. When enabled, Acrobat strictly confines the executi...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules