Adobe Acrobat Pro DC Continuous must be configured to block Flash Content.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-213122	AADC-CN-000290	SV-213122r766526_rule	CCI-000381	medium
Description
Flash has a long history of vulnerabilities. Although Flash is no longer provided with Acrobat, if the system has Flash installed, a malicious PDF could execute code on the system. Configuring Flash to run from a privileged location limits the execution capability of untrusted Flash content that may be embedded in the PDF.
STIG			Date
Adobe Acrobat Professional DC Continuous Track Security Technical Implementation Guide			2021-06-22

Related Frameworks

3 paths across 3 frameworks

NIST 800-531 mapping

CM-7

1.00

DISA · V2R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent

NIST 800-1711 mapping

3.4.6

1.00

DISA · V2R1 · disa_xccdf · related
DISA · 2025-01-23 · disa_cci_list · equivalent
NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent

CCI1 mapping

CCI-000381

1.00

DISA · V2R1 · disa_xccdf · related

Details

Check Text (C-213122r766526_chk)

Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 If the value for bEnableFlash is not set to “0” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable Flash' must be set to 'Disabled'.

Fix Text (F-14357r766525_fix)

Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable Flash' to 'Disabled'.