CCI-001160

Implementation Guidance

Determine if: - acceptable mobile code is defined. - unacceptable mobile code is defined. - acceptable mobile code technologies are defined. - unacceptable mobile code technologies are defined.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing mobile code; mobile code implementation policy and procedures; list of acceptable mobile code and mobile code technologies; list of unacceptable mobile code and mobile technologies; authorization records; system monitoring records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for managing mobile code]. Test: [SELECT FROM: Organizational process for authorizing, monitoring, and controlling mobile code; mechanisms supporting and/or implementing the management of mobile code; mechanisms supporting and/or implementing the monitoring of mobile code].