SC-18 (1) Identify Unacceptable Code / Take Corrective Actions
Corrective actions when unacceptable mobile code is detected include, for example, blocking, quarantine, or alerting administrators. Blocking includes, for example, preventing transmission of word processing files with embedded macros when such macros have been defined to be unacceptable mobile code.
The information system identifies [Assignment: organization-defined unacceptable mobile code] and takes [Assignment: organization-defined corrective actions].
SC-18 (2) Acquisition / Development / Use
The organization ensures that the acquisition, development, and use of mobile code to be deployed in the information system meets [Assignment: organization-defined mobile code requirements].
SC-18 (3) Prevent Downloading / Execution
The information system prevents the download and execution of [Assignment: organization-defined unacceptable mobile code].
SC-18 (4) Prevent Automatic Execution
Actions enforced before executing mobile code include, for example, prompting users prior to opening electronic mail attachments. Preventing automatic execution of mobile code includes, for example, disabling auto execute features on information system components employing portable storage devices such as Compact Disks (CDs), Digital Video Disks (DVDs), and Universal Serial Bus (USB) devices.
The information system prevents the automatic execution of mobile code in [Assignment: organization-defined software applications] and enforces [Assignment: organization-defined actions] prior to executing the code.
SC-18 (5) Allow Execution Only In Confined Environments
The organization allows execution of permitted mobile code only in confined virtual machine environments.