CCI-002459

The organization defines the unacceptable mobile code of which the information system is to prevent download and execution.

Implementation Guidance

The organization being inspected/assessed defines and documents unacceptable mobile code of which the information system is to prevent download and execution IAW the Protection Profile for Web Browsers and Application SRG. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must define IAW the STIG/SRG guidance that pertains to CCI 2459. DoD has determined the unacceptable mobile code is not appropriate to define at the Enterprise level.

Validation Procedures

The organization conducting the inspection/assessment obtains and examines the documented unacceptable mobile code to ensure the organization being inspected/assessed defines unacceptable mobile code of which the information system is to prevent download and execution IAW the Protection Profile for Web Browsers and Application SRG. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has defined unacceptable mobile code IAW the applicable STIGs and SRGs pertaining to CCI 2459. DoD has determined the unacceptable mobile code is not appropriate to define at the Enterprise level.

Compelling Evidence

1.) Signed and dated Software Configuration Management (SCM) plan that defines and documents unacceptable mobile code of which the information system is to prevent download and execution. 2.) Applicable STIG/SRG checks pertaining to CCI 2459.

The controls below (if any) were marked by NIST as being related to CCI-002459.