
The designer will ensure unsigned Category 2 mobile code executing in a constrained environment has no access to local system and network resources.


Overview

Finding ID: V-6160
Version: APP3720
Rule ID: SV-6160r1_rule
IA Controls: DCMC-1
Severity: Medium
Description
Mobile code cannot conform to traditional installation and configuration safeguards; therefore, the use of local operating system resources and the spawning of network connections introduce harmful and uncertain effects.
STIG: Application Security and Development Checklist
Date: 2014-12-22

Details

Check Text (C-3038r1_chk)
If the application does not contain mobile code, this is not applicable.

If any mobile code is being transmitted by the application, examine the configuration of the test machine to ensure that no network connections exist. This can be accomplished by typing the netstat command from the command prompt on a Windows client. Ensure that after the mobile code is executed, network connections do not exist.

1) If the application transmits mobile code that attempts to access local operating system resources or establish network connections to servers other than the application server, it is a finding.
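
One way to carry out the netstat comparison described above, as an added example that is not part of the STIG text: it diffs a snapshot taken before the mobile code runs against one taken after, and reports every new socket that is not an established connection to the application server. The snapshots, addresses and function names are constructed for illustration; reporting new listeners and UDP sockets for review is an assumption of this example.

```python
import re

# Constructed `netstat -ano` snapshots (Windows format); all addresses are sample values.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.0.2.10:49701       198.51.100.5:443       ESTABLISHED     4120
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.0.2.10:49701       198.51.100.5:443       ESTABLISHED     4120
  TCP    192.0.2.10:49755       198.51.100.5:443       ESTABLISHED     4120
  TCP    192.0.2.10:49760       203.0.113.77:8080      ESTABLISHED     4120
  TCP    [::]:5555              [::]:0                 LISTENING       4120
  UDP    0.0.0.0:50000          *:*                                    4120
"""

# UDP rows have no State column, so that group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse(snapshot):
    """Return the set of (proto, local, remote, state, pid) rows in a snapshot."""
    rows = set()
    for line in snapshot.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.add((proto, local, remote, state or "", pid))
    return rows

def host(endpoint):
    """Strip the port from 'addr:port' or '[v6addr]:port'."""
    return endpoint.rsplit(":", 1)[0].strip("[]")

def findings(before, after, app_server):
    """Sockets that appeared after execution and are not connections to app_server."""
    new = parse(after) - parse(before)
    flagged = []
    for proto, local, remote, state, pid in sorted(new):
        if state == "ESTABLISHED" and host(remote) == app_server:
            continue  # traffic back to the application server is permitted by the check
        flagged.append((proto, local, remote, state, pid))  # review: possible finding
    return flagged

if __name__ == "__main__":
    for row in findings(BEFORE, AFTER, "198.51.100.5"):
        print("FINDING:", *row)
```

A point-in-time snapshot misses short-lived connections, so take the second snapshot while the mobile code is still running.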
Fix Text (F-17120r1_fix)
Remove unsigned unconstrained mobile code.