SC-18 Mobile Code
a. Define acceptable and unacceptable mobile code and mobile code technologies; and
b. Authorize, monitor, and control the use of mobile code within the system.
- SP 800-28 Jansen W, Winograd T, Scarfone KA (2008) Guidelines on Active Content and Mobile Code. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-28, Version 2.
Control Enhancements 5
- SC-18(01) Identify Unacceptable Code and Take Corrective Actions L M H P
- SC-18(02) Acquisition, Development, and Use L M H P
- SC-18(03) Prevent Downloading and Execution L M H P
- SC-18(04) Prevent Automatic Execution L M H P
- SC-18(05) Allow Execution Only in Confined Environments L M H P
Related controls 5
- AU-02 Event Logging L M H P
- AU-12 Audit Record Generation L M H P
- CM-02 Baseline Configuration L M H P
- CM-06 Configuration Settings L M H P
- SI-03 Malicious Code Protection L M H P