Prevent PDF Applications from Creating Child Processes
PDF software can't start other programs, stopping potential security threats.
🏛️ Framework
ASD Information Security Manual (ISM)
🧭 Control effect
Preventative
🔐 Classifications
NC, OS, P, S, TS
🗓️ ISM last updated
May 2025
✏️ Control Stack last updated
22 Feb 2026
🎯 E8 maturity levels
ML2, ML3
Guideline
Guidelines for system hardening
Section
User application hardening
PDF applications are blocked from creating child processes.
Source: ASD Information Security Manual (ISM)
Plain language
This control makes sure that PDF applications on your computer can't start other programs. This matters because attackers often try to trick these applications into doing dangerous things. Without this control, a malicious PDF could launch malware that might damage your business or steal private information.
Why it matters
If PDF apps create child processes, malware can exploit this to install malicious software, leading to data theft or operational disruptions.
Operational notes
Confirm application control rules block PDF apps spawning child processes; test with a sample PDF and review exceptions after PDF reader updates.
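The check described in the operational notes can be backed by process-creation telemetry: when the block is effective, a PDF reader never appears as the parent of a new process outside the approved exceptions. The following is an added example, not part of the ISM or of this page's source. It assumes events exported with Sysmon-style `Image` and `ParentImage` fields; the reader names, the exception pair and the sample events are constructed for illustration.

```python
import ntpath

# Assumed executable names of the PDF applications in scope; adapt to your fleet.
PDF_READERS = {"acrord32.exe", "acrobat.exe", "foxitpdfreader.exe"}

# Hypothetical approved exceptions as (parent, child) pairs, such as a reader's
# own helper process. Re-review this set after every PDF reader update.
APPROVED_EXCEPTIONS = {("acrord32.exe", "rdrcef.exe")}

def exe_name(path):
    """Lower-cased file name of a Windows path, regardless of the host OS."""
    return ntpath.basename(path.strip('"')).lower()

def find_pdf_child_processes(events, readers=PDF_READERS,
                             exceptions=APPROVED_EXCEPTIONS):
    """Sort process-creation events whose parent is a PDF reader into
    violations (control not effective) and excepted (approved, to be reviewed)."""
    violations, excepted = [], []
    for ev in events:
        parent = exe_name(ev.get("ParentImage", ""))
        child = exe_name(ev.get("Image", ""))
        if parent not in readers:
            continue  # not spawned by a PDF application
        record = {"host": ev.get("Computer", "?"), "parent": parent,
                  "child": child, "command_line": ev.get("CommandLine", "")}
        target = excepted if (parent, child) in exceptions else violations
        target.append(record)
    return violations, excepted

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS-01", "CommandLine": "cmd.exe /c echo test",
     "ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"Computer": "WS-01", "CommandLine": "RdrCEF.exe --type=renderer",
     "ParentImage": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     "Image": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"},
    {"Computer": "WS-02", "CommandLine": "AcroRd32.exe report.pdf",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"},
    {"Computer": "WS-03", "CommandLine": "powershell.exe -NoProfile",
     "ParentImage": r"C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT PDF READER\FOXITPDFREADER.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    found, approved = find_pdf_child_processes(SAMPLE_EVENTS)
    for v in found:
        print(f"VIOLATION {v['host']}: {v['parent']} -> {v['child']} ({v['command_line']})")
    for e in approved:
        print(f"EXCEPTION {e['host']}: {e['parent']} -> {e['child']} (review after updates)")
```

An empty violations list over the audit period, together with the reviewed exception list, is evidence that can accompany the configuration screenshots requested during an audit.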
Implementation tips
- IT team should configure PDF applications to prevent them from launching other processes: They can do this by adjusting the settings within the PDF software to block any external process execution. This usually involves changing a setting in the application's preferences or settings panel.
- Managers should ensure all staff know why PDF security settings are important: Hold a brief meeting to explain that the settings help protect against malicious attacks that can occur through PDFs. Use examples of how these attacks can impact the business to make it relatable.
- Procurement should verify that any new PDF software complies with this control: When purchasing new software, ensure it supports preventing child processes. Check the software’s documentation or contact the vendor for verification.
- System owners should schedule regular audits of PDF application settings: Set up a routine check, perhaps quarterly, where the IT team reviews the settings to ensure the control remains in place and is effective.
- HR should include PDF security settings in onboarding training: Incorporate information on safe PDF use and the importance of settings that restrict child processes into the training for new employees.
Audit / evidence tips
- Ask for the configuration settings documentation of PDF applications: Request a report or screenshot showing these settings. Good evidence shows settings that explicitly disable the launch of other processes.
- Ask for staff training records related to PDF security: Request to see any records or materials used in staff training sessions. Good evidence is a dated training record mentioning PDF controls.
- Ask to see procurement criteria for PDF software: Request the checklist or document used during procurement of PDF applications. Good evidence is a document showing these criteria were considered.
- Ask for audit reports of PDF application settings: Request past reports on the security audits for PDF software settings. Good evidence includes a report showing regular reviews with confirmations.
- Ask for evidence of communication with software vendors: Request any emails or support tickets where vendors were asked about child process prevention features. Good evidence includes vendor confirmations on compatibility with the control.
Cross-framework mappings
How ISM-1670 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
E8
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| E8-AH-ML2.9 | ISM-1670 requires one specific hardening setting for PDF software: blocking child process creation | |
| Partially overlaps (2) | | |
| E8-AH-ML2.2 | ISM-1670 requires that PDF applications are blocked from creating child processes to reduce execution paths from document handling | |
| E8-AH-ML2.4 | ISM-1670 requires blocking PDF applications from creating child processes, limiting a common execution technique used by malicious PDFs | |
| Supports (1) | | |
| E8-AH-ML2.10 | ISM-1670 requires the specific control that PDF applications cannot create child processes | |
| Related (1) | | |
| E8-AH-ML2.8 | E8-AH-ML2.8 requires PDF software to be blocked from creating child processes to prevent PDFs from launching other programs | |