Unauthorized mobile code disrupts the production environment due to lack of built-in security controls.
The organization:
a. Defines acceptable and unacceptable mobile code and mobile code technologies;
b. Establishes usage restrictions and implementation guidance for acceptable mobile code and mobile code technologies; and
c. Authorizes, monitors, and controls the use of mobile code within the information system.
The usage of mobile code mechanisms is limited and/or explicitly defined.
No statewide control
Obtain system and communications protection policy; procedures addressing mobile code; mobile code usage restrictions, mobile code implementation guidance; NIST Special Publication 800-28; other relevant documents or records and ascertain if :
(I)the organization establishes usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the information system if used maliciously.
(ii)the organization authorizes, monitors, and controls the use of mobile code within the information system.