SC-18 Mobile Code

Control: The organization: (i) establishes usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the information system if used maliciously; and (ii) authorizes, monitors, and controls the use of mobile code within the information system.

Supplemental Guidance: Mobile code technologies include, for example, Java, JavaScript, ActiveX, PDF, PostScript, Shockwave movies, Flash animations, and VBScript. Usage restrictions and implementation guidance apply to both the selection and use of mobile code installed on organizational servers and mobile code downloaded and executed on individual workstations. Control procedures prevent the development, acquisition, or introduction of unacceptable mobile code within the information system. NIST Special Publication 800-28 provides guidance on active content and mobile code.

Control Enhancements: (0) None.

Baseline: LOW: Not Selected; MOD: SC-18; HIGH: SC-18

Family: System and Communications Protection

Class: Technical

ISO 17799 mapping: 10.4.1, 10.4.2

COBIT 4.1 mapping: DS5.9

PCI-DSS v2 mapping: None.