Navigate

SC-18 (1)

SC-18 (1): Identify Unacceptable Code / Take Corrective Actions

The information system identifies [Assignment: organization-defined unacceptable mobile code] and takes [Assignment: organization-defined corrective actions].

Supplemental

Corrective actions when unacceptable mobile code is detected include, for example, blocking, quarantine, or alerting administrators. Blocking includes, for example, preventing transmission of word processing files with embedded macros when such macros have been defined to be unacceptable mobile code.

CIA Levels
Confidentiality	unknown
Integrity	low
Availability	unknown

Overlays
None

Related Controls

The controls below (if any) were marked by NIST as being related to SC-18 (1).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SC-18 (1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SC-18 (1).

CCI	Definition
CCI-001166	The information system identifies organization-defined unacceptable mobile code.
CCI-001662	The information system takes organization-defined corrective action when organization-defined unacceptable mobile code is identified.
CCI-002457	The organization defines the corrective actions to be taken when organization-defined unacceptable mobile code is identified.
CCI-002458	The organization defines what constitutes unacceptable mobile code for its information systems.