| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS architecture makes it impossible for any user, even with the highest privileges, to modify the structure and logic of its built-in security objects, and if there are no additional, locally-defined security objects in the database(s), this is not a finding. Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to modify security objects. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to modify security objects. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to modify security objects. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete attempts to modify security objects, such as tables, views, procedures, and functions. Configure the DBMS to produce audit records when it denies attempts to modify security objects, to include reads, creations, modifications, and deletions. Configure the DBMS to produce audit records when other errors prevent attempts to modify security objects, to include reads, creations, modifications, and deletions.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when categories of information are modified. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when categories of information are modified. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when categories of information are modified. Configure the DBMS to produce audit records when categories of information are modified.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to modify categories of information. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to modify categories of information. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to modify categories of information. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete modification of categories of information. Configure the DBMS to produce audit records when it denies modification of categories of information. Configure the DBMS to produce audit records when other errors prevent modification of categories of information.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when privileges/permissions/role memberships are removed, revoked, or denied to any user or role. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when privileges/permissions/role memberships are removed, revoked, or denied to any user or role. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when privileges/permissions/role memberships are removed, revoked, or denied to any user or role. Configure DBMS audit settings to generate an audit record when privileges/permissions/role memberships are removed, revoked, or denied to any user or role.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts remove, revoke, or deny privileges/permissions/role membership to any user or role. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to remove, revoke, or deny privileges/permissions/role membership to any user or role. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to remove, revoke, or deny privileges/permissions/role membership to any user or role. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete attempts to remove, revoke, or deny privileges/permissions/role membership to any user or role. Configure the DBMS to produce audit records when it denies attempts to remove, revoke, or deny privileges/permissions/role membership to any user or role. Configure the DBMS to produce audit records when other errors prevent attempts to remove, revoke, or deny privileges/permissions/role membership to any user or role.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS architecture makes it impossible for any user, even with the highest privileges, to drop its built-in security objects, and if there are no additional, locally-defined security objects in the database(s), this is not a finding. Review DBMS documentation to verify that audit records can be produced when security objects are drop. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when security objects are drop. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when security objects are deleted. Configure the DBMS to produce audit records when security objects are deleted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS architecture makes it impossible for any user, even with the highest privileges, to drop its built-in security objects, and if there are no additional, locally-defined security objects in the database(s), this is not a finding. Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to drop security objects. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to drop security objects. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to drop security objects. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete attempts to delete security objects. Configure the DBMS to produce audit records when it denies attempts to delete security objects. Configure the DBMS to produce audit records when other errors prevent attempts to delete security objects.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when categories of information are deleted. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when categories of information are deleted. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when categories of information are deleted. Configure the DBMS to produce audit records when categories of information are deleted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that audit records can be produced when the system denies or fails to complete attempts to delete categories of information. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the system denies attempts to delete categories of information. If they are not produced, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when other errors prevent attempts to delete categories of information. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when it denies or fails to complete deletion of categories of information. Configure the DBMS to produce audit records when it denies deletion of categories of information. Configure the DBMS to produce audit records when other errors prevent deletion of categories of information.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) logs on or connects to the DBMS, this is a finding.
Fix Text
Configure DBMS audit settings to generate an audit record each time a user (or other principal) logs on or connects to the DBMS. Ensure that the audit record contains the time of the event, the user ID, and session identifier.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) attempts but fails to log on or connect to the DBMS (including attempts where the user ID is invalid/unknown), this is a finding.
Fix Text
Configure DBMS audit settings to generate an audit record each time a user (or other principal) attempts but fails to log on or connect to the DBMS. Include attempts where the user ID is invalid/unknown. Ensure that the audit record contains the time of the event and the user ID that was entered (if any).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that authorized administrative users can designate actions as privileged and that audit records can be produced when privileged actions occur. If the DBMS is not capable of this, this is a finding. Review the system documentation to obtain the definition of the database/DBMS functionality considered privileged in the context of the system in question. Review the DBMS/database security and audit configurations and/or other means used to implement audit logging. If audit logging covers at least all of the actions defined as privileged, this is not a finding; otherwise, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when privileged actions occur. Configure the DBMS to produce audit records when privileged actions occur.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that authorized administrative users can designate actions as privileged and that audit records can be produced when the DBMS prevents attempted privileged actions. If the DBMS is not capable of this, this is a finding. Review the DBMS/database security and audit configurations to verify that audit records are produced when the DBMS prevents attempted privileged actions. If they are not produced, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when the DBMS prevents attempted privileged action. Configure the DBMS to produce audit records when the DBMS prevents attempted privileged actions.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS audit settings. If an audit record is not generated each time a user (or other principal) logs off or disconnects from the DBMS voluntarily, or forced by the system, or because of connection or other failure, this is a finding.
Fix Text
Configure DBMS audit settings to generate an audit record each time a user (or other principal) logs off or disconnects, whether voluntarily or forced by the system, or because of connection or other failure, from the DBMS. Ensure that the audit record contains the time of the event, the user ID, and session identifier.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS audit settings. If the fact of multiple, concurrent logons by a given user (or other principal) can be reliably reconstructed from the log entries for other events, then this is not a finding. If an audit record is not generated each time a user (or other principal) who is already connected to the DBMS logs on or connects to the DBMS from a different workstation, this is a finding.
Fix Text
Configure DBMS audit settings to generate an audit record each time a user (or other principal) who is already connected to the DBMS logs on or connects to the DBMS from a different workstation.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that administrative users can specify database objects for which access must be audited and can specify which kinds of access must be audited. If the DBMS is not capable of this, this is a finding. Review system documentation to determine whether the application owner has specified database objects (tables, views, procedures, functions, etc.) for which access must be audited. Review the DBMS/database security and audit settings to verify that the specified access to the specified objects is audited. If not, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when object access occurs. Configure audit settings to create audit records when the specified access to the specified objects occurs.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review DBMS documentation to verify that administrative users can specify database objects for which access must be audited, and can specify which kinds of access must be audited. If the DBMS is not capable of this, this is a finding. Review DBMS documentation to determine whether the application owner has specified database objects (tables, views, procedures, functions, etc.) for which access must be audited. Review the DBMS/database security and audit settings to verify that audit records are created for unsuccessful attempts at the specified access to the specified objects. If not, this is a finding.
Fix Text
Deploy a DBMS capable of producing the required audit records when object access occurs. Configure audit settings to create audit records when the specified access to the specified objects is unsuccessfully attempted.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS does not generate audit records for all direct access to the database(s), this is a finding.
Fix Text
Configure the DBMS to generate audit records for all direct access to the database(s).
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS does not employ NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures, this is a finding.
Fix Text
Implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
If the DBMS does not employ NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and verify cryptographic hashes, this is a finding.
Fix Text
Implement a NIST FIPS 140-2 or 140-3 validated cryptographic module in the DBMS for generation and verification of cryptographic hashes.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Verify the DBMS implements NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. If the DBMS does not implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements, this is a finding.
Fix Text
Configure the DBMS to implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the system documentation for a description of how audit records are off-loaded. If the DBMS has a continuous network connection to the centralized log management system, but the DBMS audit records are not written directly to the centralized log management system or transferred in near-real-time, this is a finding. If the DBMS does not have a continuous network connection to the centralized log management system, and the DBMS audit records are not transferred to the centralized log management system weekly or more often, this is a finding.
Fix Text
Configure the DBMS or deploy and configure software tools to transfer audit records to a centralized log management system, continuously and in near-real time where a continuous network connection to the log management system exists, or at least weekly in the absence of such a connection.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-DB-002 | - | 2026-03-06 | |||
Finding DetailsNo details recorded. Comments |
|||||
Check Text
Review the DBMS documentation and configuration to determine if the DBMS is configured in accordance with DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs and IAVMs. If the DBMS is not configured in accordance with security configuration settings, this is a finding.
Fix Text
Configure the DBMS in accordance with DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, and DTMs and IAVMs.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2582BBA1DF4E7465A6FEFF67BAA7E330F7990C4F ~~~~~ 'Enable Enhanced Security Standalone' is Enabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Type: REG_DWORD Value: 1 If the value for bEnhancedSecurityStandalone is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. GUI path: Edit > Preferences > Security (Enhanced) > In the 'Enhanced Security' section> Verify 'Enable Enhanced Security' checkbox is checked and greyed out (locked). If the box is not checked nor greyed out (locked), this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Enable Enhanced Security Standalone' must be set to 'Enabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Enable Enhanced Security Standalone' to 'Enabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 2E99D6A2484A2A09EF817BC9259A75E1627605C5 ~~~~~ Enable Enhanced Security In Browser is Enabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Type: REG_DWORD Value: 1 If the value for bEnhancedSecurityInBrowser is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Enable Enhanced Security In Browser' must be set to 'Enabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Enable Enhanced Security In Browser' to 'Enabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 766D52AE79E81AB187C87B1C7446D2E1707DF040 ~~~~~ Allow opening of non-PDF file attachments with external applications is Disabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: iFileAttachmentPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: iFileAttachmentPerms Type: REG_DWORD Value: 1 If the value for iFileAttachmentPerms is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. GUI path: Edit > Preferences > Trust Manager > In the 'PDF File Attachments' section > Verify 'Allow opening of non-PDF file attachments with external applications' checkbox is unchecked and greyed out (locked). If the box is checked and not greyed out (locked), this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Trust Manager > 'Allow opening of non-PDF file attachments with external applications' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: iFileAttachmentPerms Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Trust Manager > 'Allow opening of non-PDF file attachments with external applications' to 'Disabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 77D09F578BB649D8CCDCDE9E62D536FD56236438 ~~~~~ Enable Flash is Disabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 If the value for bEnableFlash is not set to “0” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable Flash' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Enable Flash' to 'Disabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: E33C4ACE87A19F939B386635DC74CD3B1B4A0519 ~~~~~ Send and Track plugin is Disabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cCloud Value Name: bAdobeSendPluginToggle Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Note: The Key Name "cCloud" is not created by default in the Acrobat Pro DC install and must be created. Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cCloud Value Name: bAdobeSendPluginToggle Type: REG_DWORD Value: 1 If the value for bAdobeSendPluginToggle is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Send and Track plugin' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Note: The Key Name "cCloud" is not created by default in the Acrobat Pro DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cCloud Value Name: bAdobeSendPluginToggle Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Send and Track plugin' to 'Disabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0B18104F36900897578117B8B65239CDFDE4EFDE ~~~~~ Privileged folder locations is Disabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bDisableTrustedFolders Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bDisableTrustedFolders Type: REG_DWORD Value: 1 If the value for bDisableTrustedFolders is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. GUI path: Edit > Preferences > Security (Enhanced) > In the 'Privileged Locations' section, verify 'Add Folder Path' option is greyed out (locked). If this option is not greyed out, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Privileged folder locations' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bDisableTrustedFolders Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Privileged folder locations' to 'Disabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 25224B6C8D791D7D4BB4FA0854F50E0FC4877307 ~~~~~ Protected Mode is Enabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bProtectedMode Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bProtectedMode Type: REG_DWORD Value: 1 If the value for bProtectedMode is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Protected Mode' must be set to 'Enabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: bProtectedMode Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Templates > Adobe Acrobat Pro DC Continuous > Preferences > 'Protected Mode' to 'Enabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: EB6A6C9377411B62CD89F369AF26C702C1E75118 ~~~~~ 'Protected View' is Enabled with 'All files' Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: iProtectedView Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: iProtectedView Type: REG_DWORD Value: 2 If the value for iProtectedView is not set to “2” and Type is not configured to REG_DWORD or does not exist, this is a finding. GUI path: Edit > Preferences > Security (Enhanced) > In the 'Protected View' section, verify the radio button for 'All files' is checked and greyed out (locked). If the button is not checked nor greyed out, this is a finding. Admin Template path: Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Protected View' must be set to 'Enabled' and 'All files' selected in the drop down box.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown Value Name: iProtectedView Type: REG_DWORD Value: 2 Configure the policy value for Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Continuous > Preferences > Security (Enhanced) > 'Protected View' to 'Enabled' and select 'All files' in the drop down box.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 8CEB7FF7421E90F851884A0D3947C3EEEADBD6F0 ~~~~~ 'Store files on Adobe.com' is Disabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cCloud Value Name: bDisableADCFileStore Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Note: The Key Name "cCloud" is not created by default in the Acrobat Pro DC install and must be created. Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cCloud Value Name: bDisableADCFileStore Type: REG_DWORD Value: 1 If the value for bDisableADCFileStore is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Continuous > Preferences > 'Store files on Adobe.com' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Note: The Key Name "cCloud" is not created by default in the Acrobat Pro DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cCloud Value Name: bDisableADCFileStore Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Continuous > Preferences > 'Store files on Adobe.com' to 'Disabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-WS-92010 | 164.231.187.45 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeAcrobatProDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: BC832AD8701753E800B1B4A8E0048849D4909E06 ~~~~~ Cloud Synchronization is Disabled Registry Path: HKLM:\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Using the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Type: REG_DWORD Value: 1 If the value for bTogglePrefsSync is not set to “1” and Type is not configured to REG_DWORD or does not exist, this is a finding. Admin Template path: Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Continuous > Preferences > 'Cloud Synchronization' must be set to 'Disabled'.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Adobe Acrobat\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Type: REG_DWORD Value: 1 Configure the policy value for Computer Configuration > Administrative Template > Adobe Acrobat Pro DC Continuous > Preferences > 'Cloud Synchronization' to 'Disabled'.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 026A7712392177E522A06BA0BAE45493CC2E4EF5 ~~~~~ 'Enable Enhanced Security Standalone' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 026A7712392177E522A06BA0BAE45493CC2E4EF5 ~~~~~ 'Enable Enhanced Security Standalone' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 026A7712392177E522A06BA0BAE45493CC2E4EF5 ~~~~~ 'Enable Enhanced Security Standalone' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Type: REG_DWORD Value: 1 If the value for bEnhancedSecurityStandalone is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityStandalone Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 0E65388627213752CFE0EE642175597DDB0ABB12 ~~~~~ 'Enable Enhanced Security In Browser' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 0E65388627213752CFE0EE642175597DDB0ABB12 ~~~~~ 'Enable Enhanced Security In Browser' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 0E65388627213752CFE0EE642175597DDB0ABB12 ~~~~~ 'Enable Enhanced Security In Browser' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Type: REG_DWORD Value: 1 If the value for bEnhancedSecurityInBrowser is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnhancedSecurityInBrowser Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: F56BA44B4F03A7705BDC04245F1970912B529F40 ~~~~~ 'Enable Protected Mode at startup' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bProtectedMode Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: F56BA44B4F03A7705BDC04245F1970912B529F40 ~~~~~ 'Enable Protected Mode at startup' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bProtectedMode Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: F56BA44B4F03A7705BDC04245F1970912B529F40 ~~~~~ 'Enable Protected Mode at startup' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bProtectedMode Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bProtectedMode Type: REG_DWORD Value: 1 If the value for bProtectedMode is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bProtectedMode Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9C834D0F57BEA07235F5FD2EA669F35F0DFE5DE9 ~~~~~ 'Protected View: All files' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iProtectedView Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9C834D0F57BEA07235F5FD2EA669F35F0DFE5DE9 ~~~~~ 'Protected View: All files' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iProtectedView Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9C834D0F57BEA07235F5FD2EA669F35F0DFE5DE9 ~~~~~ 'Protected View: All files' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iProtectedView Value: 0x00000002 (2) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iProtectedView Type: REG_DWORD Value: 2 If the value for iProtectedView is not set to “2” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iProtectedView Type: REG_DWORD Value: 2
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 932AE2BE1F475877B8951F72A07E56BB4603F1CB ~~~~~ 'Access to websites: Block PDF files access to all web sites' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iURLPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 932AE2BE1F475877B8951F72A07E56BB4603F1CB ~~~~~ 'Access to websites: Block PDF files access to all web sites' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iURLPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 932AE2BE1F475877B8951F72A07E56BB4603F1CB ~~~~~ 'Access to websites: Block PDF files access to all web sites' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iURLPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iURLPerms Type: REG_DWORD Value: 1 Value: 0 - only with a documented ISSO risk acceptance If the value for “iURLPerms” is set to “0” and a documented ISSO risk acceptance approving access to websites is provided, this is not a finding. If the value for “iURLPerms” is not set to “1” and “Type” configured to “REG_DWORD” or does not exist, this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iURLPerms Type: REG_DWORD Value: 1 If configuring system to allow access to websites, obtain documented ISSO approvals and risk acceptance and set “iURLPerms” to “0”.
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: B2DD2F1F5DAC28D6AFCC9352F293636944DE3891 ~~~~~ 'Access to unknown websites: Block access' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iUnknownURLPerms Value: 0x00000003 (3) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: B2DD2F1F5DAC28D6AFCC9352F293636944DE3891 ~~~~~ 'Access to unknown websites: Block access' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iUnknownURLPerms Value: 0x00000003 (3) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B2DD2F1F5DAC28D6AFCC9352F293636944DE3891 ~~~~~ 'Access to unknown websites: Block access' is Enabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iUnknownURLPerms Value: 0x00000003 (3) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iUnknownURLPerms Type: REG_DWORD Value: 3 If the value for iUnknownURLPerms is not set to “3” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cDefaultLaunchURLPerms Value Name: iUnknownURLPerms Type: REG_DWORD Value: 3
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: D01E4CAC41C0A6D973296E957E479B08E93172AF ~~~~~ 'Allow opening of non-PDF file attachments with external applications' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iFileAttachmentPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: D01E4CAC41C0A6D973296E957E479B08E93172AF ~~~~~ 'Allow opening of non-PDF file attachments with external applications' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iFileAttachmentPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: D01E4CAC41C0A6D973296E957E479B08E93172AF ~~~~~ 'Allow opening of non-PDF file attachments with external applications' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iFileAttachmentPerms Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iFileAttachmentPerms Type: REG_DWORD Value: 1 If the value for iFileAttachmentPerms is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: iFileAttachmentPerms Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9A5846A993365728C937DB0A533035091798AA6B ~~~~~ 'Enable Flash' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnableFlash Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 9A5846A993365728C937DB0A533035091798AA6B ~~~~~ 'Enable Flash' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnableFlash Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 9A5846A993365728C937DB0A533035091798AA6B ~~~~~ 'Enable Flash' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnableFlash Value: 0x00000000 (0) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0 If the value for bEnableFlash is not set to “0” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bEnableFlash Type: REG_DWORD Value: 0
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 77B9CB076F85356B6622BD5D925A259B76DFC001 ~~~~~ 'Service access to Document Cloud Services' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleAdobeDocumentServices Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 77B9CB076F85356B6622BD5D925A259B76DFC001 ~~~~~ 'Service access to Document Cloud Services' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleAdobeDocumentServices Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 77B9CB076F85356B6622BD5D925A259B76DFC001 ~~~~~ 'Service access to Document Cloud Services' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleAdobeDocumentServices Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleAdobeDocumentServices Type: REG_DWORD Value: 1 If the value for bToggleAdobeDocumentServices is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleAdobeDocumentServices Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 248D55C7A60D311F7472FCB52DD285B28BE3101F ~~~~~ 'Cloud Synchronization' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 248D55C7A60D311F7472FCB52DD285B28BE3101F ~~~~~ 'Cloud Synchronization' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 248D55C7A60D311F7472FCB52DD285B28BE3101F ~~~~~ 'Cloud Synchronization' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Type: REG_DWORD Value: 1 If the value for bTogglePrefsSync is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bTogglePrefsSync Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 76884A3735685CEC045A7F1BC1BC4624CC703837 ~~~~~ 'Third-party web connectors' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 76884A3735685CEC045A7F1BC1BC4624CC703837 ~~~~~ 'Third-party web connectors' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 76884A3735685CEC045A7F1BC1BC4624CC703837 ~~~~~ 'Third-party web connectors' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Type: REG_DWORD Value: 1 If the value for bToggleWebConnectors is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Note: The Key Name "cServices" is not created by default in the Adobe Reader DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cServices Value Name: bToggleWebConnectors Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: AF7F7A38D7D1497D7216AA3B8E073EA76F8612E9 ~~~~~ 'WebMail' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cWebmailProfiles Value Name: bDisableWebmail Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: AF7F7A38D7D1497D7216AA3B8E073EA76F8612E9 ~~~~~ 'WebMail' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cWebmailProfiles Value Name: bDisableWebmail Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: AF7F7A38D7D1497D7216AA3B8E073EA76F8612E9 ~~~~~ 'WebMail' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cWebmailProfiles Value Name: bDisableWebmail Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Note: The Key Name "cWebmailProfiles" is not created by default in the Adobe Reader DC install and must be created. Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cWebmailProfiles Value Name: bDisableWebmail Type: REG_DWORD Value: 1 If the value for bDisableWebmail is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Note: The Key Name "cWebmailProfiles" is not created by default in the Adobe Reader DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cWebmailProfiles Value Name: bDisableWebmail Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 778FDCE630C51576C1AB38A6A6B02EA8336A1C4D ~~~~~ 'SharePoint and Office 365 access' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cSharePoint Value Name: bDisableSharePointFeatures Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 778FDCE630C51576C1AB38A6A6B02EA8336A1C4D ~~~~~ 'SharePoint and Office 365 access' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cSharePoint Value Name: bDisableSharePointFeatures Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 778FDCE630C51576C1AB38A6A6B02EA8336A1C4D ~~~~~ 'SharePoint and Office 365 access' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cSharePoint Value Name: bDisableSharePointFeatures Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: If configured to an approved DoD SharePoint Server, this is NA. Note: The Key Name "cSharePoint" is not created by default in the Adobe Reader DC install and must be created. Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cSharePoint Value Name: bDisableSharePointFeatures Type: REG_DWORD Value: 1 If the value for bDisableSharePointFeatures is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Note: The Key Name "cSharePoint" is not created by default in the Adobe Reader DC install and must be created. Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown\cSharePoint Value Name: bDisableSharePointFeatures Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 15246B494416F0B34AC1736A02EC403E6597CEB0 ~~~~~ 'Privileged folder locations' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedFolders Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: 15246B494416F0B34AC1736A02EC403E6597CEB0 ~~~~~ 'Privileged folder locations' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedFolders Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: 15246B494416F0B34AC1736A02EC403E6597CEB0 ~~~~~ 'Privileged folder locations' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedFolders Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedFolders Type: REG_DWORD Value: 1 If the value for bDisableTrustedFolders is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedFolders Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-SW-89108 | 22.19.120.22 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: B2799CCFC1C83AD01D852D3BD26C39C9D28EE1C1 ~~~~~ 'Privileged host locations' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedSites Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-SW-89134 | 22.19.120.21 | 2026-03-04 | |||
Finding DetailsEvaluate-STIG 1.2510.0 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 12/17/2025 ResultHash: B2799CCFC1C83AD01D852D3BD26C39C9D28EE1C1 ~~~~~ 'Privileged host locations' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedSites Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
| MONT-WS-92040 | 164.231.187.72 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-AdobeReaderDCContinuous_Checks) found this to be NOT A FINDING on 10/23/2025 ResultHash: B2799CCFC1C83AD01D852D3BD26C39C9D28EE1C1 ~~~~~ 'Privileged host locations' is Disabled Registry Path: HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedSites Value: 0x00000001 (1) Type: REG_DWORD Comments |
|||||
Check Text
Verify the following registry configuration: Utilizing the Registry Editor, navigate to the following: HKEY_LOCAL_MACHINE\Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedSites Type: REG_DWORD Value: 1 If the value for bDisableTrustedSites is not set to “1” and Type configured to REG_DWORD or does not exist, then this is a finding.
Fix Text
Configure the following registry value: Registry Hive: HKEY_LOCAL_MACHINE Registry Path: \Software\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown Value Name: bDisableTrustedSites Type: REG_DWORD Value: 1
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: tempdb ResultHash: B63E0AD1F33856D056FB50B5C1C7A78CE1BAEA67 ~~~~~ NOT A FINDING: The check query returned no results. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: msdb ResultHash: B63E0AD1F33856D056FB50B5C1C7A78CE1BAEA67 ~~~~~ NOT A FINDING: The check query returned no results. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: model ResultHash: B63E0AD1F33856D056FB50B5C1C7A78CE1BAEA67 ~~~~~ NOT A FINDING: The check query returned no results. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: master ResultHash: B63E0AD1F33856D056FB50B5C1C7A78CE1BAEA67 ~~~~~ NOT A FINDING: The check query returned no results. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: BEDB ResultHash: B63E0AD1F33856D056FB50B5C1C7A78CE1BAEA67 ~~~~~ NOT A FINDING: The check query returned no results. Comments |
|||||
Check Text
Execute the following query: SELECT name FROM sys.database_principals WHERE type in ('U','G') AND name LIKE '%$' If no users are returned, this is not a finding. If users are returned, determine whether each user is a computer account. Launch PowerShell. Execute the following code: Note: <name> represents the username portion of the user. For example; if the user is "CONTOSO\user1$", the username is "user1". ([ADSISearcher]"(&(ObjectCategory=Computer)(Name=<name>))").FindAll() If no account information is returned, this is not a finding. If account information is returned, this is a finding.
Fix Text
Remove all users that were returned in the check SQL Statement: SELECT name FROM sys.database_principals WHERE type in ('U','G') AND name LIKE '%$' To remove users: Run the following command for each user: DROP USER [ IF EXISTS ] <user_name>;
| Hostname | IP Address | Status | Assigned To | Last Scan | Actions |
|---|---|---|---|---|---|
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: tempdb ResultHash: AD5580665A64A351514BDE4964A09A2B55DACAE4 ~~~~~ No results were returned by the check query. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: msdb ResultHash: AD5580665A64A351514BDE4964A09A2B55DACAE4 ~~~~~ No results were returned by the check query. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: model ResultHash: AD5580665A64A351514BDE4964A09A2B55DACAE4 ~~~~~ No results were returned by the check query. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: master ResultHash: AD5580665A64A351514BDE4964A09A2B55DACAE4 ~~~~~ No results were returned by the check query. Comments |
|||||
| MONT-BE-002 | 164.231.187.37 | 2026-01-14 | |||
Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) was unable to determine a Status but found the below configuration on 10/23/2025: Instance: MONT-BE-002\BKUPEXEC64 Database: BEDB ResultHash: 0ACECDF9E0767F6A2D9E77EB2554ACC2AC0ACA4B ~~~~~ DBA, Confirm that an approved server documentation documents the need for TRUSTWORTHY in the following: InstanceName Database DatabaseOwner IsOwnerPrivileged ------------ -------- ------------- ----------------- MONT-BE-002\BKUPEXEC64 BEDB sa YES Comments |
|||||
Check Text
If the database being reviewed is MSDB, trustworthy is required to be enabled, and therefore this is not a finding. Execute the following query: SELECT SUSER_SNAME(d.owner_sid) AS DatabaseOwner, CASE WHEN d.is_trustworthy_on = 0 THEN 'No' WHEN d.is_trustworthy_on = 1 THEN 'Yes' END AS IsTrustworthy, CASE WHEN role.name IN ('sysadmin','securityadmin') OR permission.permission_name = 'CONTROL SERVER' THEN 'YES' ELSE 'No' END AS 'IsOwnerPrivileged' FROM sys.databases d LEFT JOIN sys.server_principals login ON d.owner_sid = login.sid LEFT JOIN sys.server_role_members rm ON login.principal_id = rm.member_principal_id LEFT JOIN sys.server_principals role ON rm.role_principal_id = role.principal_id LEFT JOIN sys.server_permissions permission ON login.principal_id = permission.grantee_principal_id WHERE d.name = DB_NAME() If trustworthy is not enabled, this is not a finding. If trustworthy is enabled and the database owner is not a privileged account, this is not a finding. If trustworthy is enabled and the database owner is a privileged account, review the system documentation to determine if the trustworthy property is required and authorized. If this is not documented, this is a finding.
Fix Text
Disable trustworthy on the database. ALTER DATABASE [<database name>] SET TRUSTWORTHY OFF