ACSC programs and advice are being migrated to (see sidebar)

An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017

Download ACSC Protect: An Examination of the Redaction Functionality of Adobe Acrobat Pro DC 2017 (PDF), January 2019
First published 2011; updated 2018 and January 2019


There have been numerous cases of security breaches resulting from a failure to effectively redact sensitive or private information from documents prior to release into the public domain. To assist in mitigating this security risk, Adobe Acrobat Pro DC 2017 provides redaction and sanitisation functionality that aims to completely remove undesirable information and other hidden information (e.g. metadata) from PDF documents.

  • This document provides guidance on the efficacy of redaction facilities within Adobe Acrobat Pro DC 2017 and is intended for information technology and information security professionals within organisations looking to redact sensitive or personal information from PDF documents before releasing them into the public domain or to other third parties.


    • Introduction
    • Scope of testing
    • Testing results and recommendations
      • Successful redaction outcomes
      • Failures in redacting information
      • Detailed testing results
      • Recommendations
      • Further information
    • Contact details
    • Appendix A: Detailed testing results
      • Test 1: Redaction of embedded text
      • Test 2: Redaction of text within an embedded image
      • Test 3: Redaction of historical revisions of text
      • Test 4: Redaction of text within a PDF form
      • Test 5: Embedded text obscured with an image
      • Test 6: Redacting encrypted PDF documents
      • Test 7: Sanitising PDF documents
    • Appendix B: Discussion of testing results

    Contact details

    Organisations or individuals with questions regarding this advice can contact the ACSC by emailing or calling 1300 CYBER1 (1300 292 371).

  • In August 2018 ACSC launched a new website,, to reflect its new organisation.

    Cyber security programs and advice are being migrated to Information and advice on this site remains current.

    Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

    Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

    Information for Australian businesses
    Information for individual Australian citizens
    Information for Federal, State and Local government agencies