CCI-001169

Implementation Guidance

Determine if: - the download of [SC-18(03)_ODP; unacceptable mobile code to be prevented from downloading and executing is defined] is prevented. - the execution of [SC-18(03)_ODP; unacceptable mobile code to be prevented from downloading and executing is defined] is prevented.

Validation Procedures

Examine: [SELECT FROM: System and communications protection policy; procedures addressing mobile code; mobile code usage restrictions; mobile code implementation policy and procedures; system design documentation; system configuration settings and associated documentation; system audit records; system security plan; other relevant documents or records]. Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with responsibilities for managing mobile code]. Test: [SELECT FROM: Mechanisms preventing the download and execution of unacceptable mobile code].