Mobile code applications must be developed in accordance with DoD-defined mobile code requirements.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-35104	SRG-APP-000295-AS-NA	SV-46391r1_rule		Medium

Description
Decisions regarding the development of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies include but are not limited to: Java, JavaScript, ActiveX, PDF, Postscript, Shockwave movies, Flash animations, and VBScript. Mobile code is obtained from remote systems, transferred over a network, downloaded and executed on a local system without explicit installation or execution by the recipient. DoDI 8552.01 policy pertains to the use of mobile code technologies within DoD information systems. This requirement addresses issues related to the development of mobile code. Application servers host mobile code but are not used for developing it. This requirement is NA.

Description

Decisions regarding the development of mobile code within organizational information systems are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies include but are not limited to: Java, JavaScript, ActiveX, PDF, Postscript, Shockwave movies, Flash animations, and VBScript. Mobile code is obtained from remote systems, transferred over a network, downloaded and executed on a local system without explicit installation or execution by the recipient. DoDI 8552.01 policy pertains to the use of mobile code technologies within DoD information systems. This requirement addresses issues related to the development of mobile code. Application servers host mobile code but are not used for developing it. This requirement is NA.

STIG	Date
Application Server Security Requirements Guide	2013-01-08

Details

Check Text ( C-43493r1_chk )
This requirement is NA for the AS SRG.

Fix Text (F-39657r1_fix)
The requirement is NA. No fix is required.