CCI-001165

Implementation Guidance

Determine if: - the use of mobile code is authorized within the system. - the use of mobile code is monitored within the system. - the use of mobile code is controlled within the system

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing mobile code; mobile code implementation policy and procedures; list of acceptable mobile code and mobile code technologies; list of unacceptable mobile code and mobile technologies; authorization records; system monitoring records; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel with responsibilities for managing mobile code]. Test: [SELECT FROM: Organizational process for authorizing, monitoring, and controlling mobile code; mechanisms supporting and/or implementing the management of mobile code; mechanisms supporting and/or implementing the monitoring of mobile code].