SC-18 Mobile Code

System and Communications Protection

Low Moderate High

Description

The organization: (i) establishes usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the information system if used maliciously; and (ii) authorizes, monitors, and controls the use of mobile code within the information system.

Supplemental Guidance

Mobile code technologies include, for example, Java, JavaScript, ActiveX, PDF, PostScript, Shockwave movies, Flash animations, and VBScript. Usage restrictions and implementation guidance apply both to the selection and use of mobile code installed on organizational servers and to mobile code downloaded and executed on individual workstations. Control procedures prevent the development, acquisition, or introduction of unacceptable mobile code within the information system. NIST Special Publication 800-28 provides guidance on active content and mobile code.

Changes from Rev 4

The control text replaces the requirement to establish usage restrictions and implementation guidance with a requirement to authorize, monitor, and control the use of mobile code within the system. The discussion is expanded with additional examples of mobile code and with factors that should be included in mobile code policy and procedures.

Enhancements

(0) None.

Compliance Mappings

ISO 17799 (legacy)

10.4.1, 10.4.2

COBIT 4.1 (legacy)

DS5.9