UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The network device must implement detection and inspection mechanisms to identify unauthorized mobile code.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-NET-000228-NDM-NA SRG-NET-000228-NDM-NA SRG-NET-000228-NDM-NA_rule Medium
Description
Mobile code is a program that can be executed on one or several hosts other than the one they originate from. These programs offer many benefits to the organization; however, decisions regarding the use of mobile code must also include consideration of which types of mobile code are not authorized for use. Malicious mobile code can be used to install malware on a computer. The code can be transmitted through interactive Web applications such as Java, JavaScript, ActiveX, Postscript, PDF, Shockwave movies, Flash animations, and VBScript. While network device content filtering cannot replace the anti-virus and host based IDS (HIDS) protection installed on the network's endpoints, vendor or locally created network device ACLs or policy filters can be implemented which provide preemptive defense against both known and zero day vulnerabilities. Many of the protections may provide defenses before vulnerabilities are discovered and ACLs or policy filters or blacklist updates are distributed by anti-virus or malicious code solution vendors. This requirement is applicable to specific devices and does not involve the management of a network device.
STIG Date
Network Device Management Security Requirements Guide 2013-07-30

Details

Check Text ( C-SRG-NET-000228-NDM-NA_chk )
This requirement is NA for network device management.
Fix Text (F-SRG-NET-000228-NDM-NA_fix)
This requirement is NA for network device management.