Lack of operational controls to protect information system memory may result in malicious code exploiting the memory space to take control of critical systems and endpoints.
The information system implements [Assignment: organization-defined security safeguards] to protect its memory from unauthorized code execution.
Execution of code is limited to appropriate personnel.
No statewide control
Obtain documents addressing memory protection and ascertain if security safeguards (such as data execution prevention through hardware or software-enforced mechanisms and address space layout randomization) are employed to protect information system's memory from unauthorized code execution.
