PDF security
measures
NSA Recommends Security Settings for PDF Files Using JavaScript
The National Security Agency has published a technical report aimed at addressing long-standing cybersecurity issues with the PDF file format.
The NSA advised administrators not to disable the setting in Adobe Acrobat Reader DC that allows JavaScript despite the security risks associated with the programming language, Nextgov reported.
According to the report, some administrators choose to move to a more secure environment at the cost of software functionality.
Instead of disabling JavaScript altogether, administrators should use the Protected Mode and Enhanced security settings included in Adobe Acrobat to mitigate some of the programming language’s risks.
Protected Mode, which is turned on by default, allows users to examine a file in “protected view” for threats before using its full functionality.
The NSA said that the security settings will allow a greater level of collaboration, noting that JavaScript is used widely in electronic forms.
The agency also provided an Adobe Customization Wizard quick guide for administrators who only use Acrobat Reader to view PDF documents.
For administrators operating in environments where JavaScript must be disabled, the NSA recommended the use of settings that would still allow the execution of JavaScript in files from trusted locations.
The NSA noted that administrators can designate which files, directories, drives and hosts are allowed to bypass the JavaScript restrictions.
The setting allows administrators to still benefit from JavaScript’s features but greatly restricts users’ ability to exempt non-authorized documents.
Category: Defense and Intelligence