CCI-001170
CCI-001170 Definition
| Status | |
| Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- the automatic execution of mobile code in [SC-18(04)_ODP[01]; software applications in which the automatic execution of mobile code is to be prevented are defined] is prevented.
- [SC-18(04)_ODP[02]; actions to be enforced by the system prior to executing mobile code are defined] are enforced prior to executing mobile code.
Validation Procedures
Examine: [SELECT FROM: System and communications protection policy; procedures addressing mobile code; mobile code usage restrictions; mobile code implementation policy and procedures; system design documentation; system configuration settings and associated documentation; list of software applications in which the automatic execution of mobile code must be prohibited; list of actions required before execution of mobile code; system security plan; other relevant documents or records].

Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; system developer; organizational personnel with responsibilities for managing mobile code].

Test: [SELECT FROM: Mechanisms preventing the automatic execution of unacceptable mobile code; mechanisms enforcing actions to be taken prior to the execution of the mobile code].