800-53|SC-18

Title

MOBILE CODE

Description

The organization:

Supplemental

Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the systems if used maliciously. Mobile code technologies include, for example, Java, JavaScript, ActiveX, Postscript, PDF, Shockwave movies, Flash animations, and VBScript. Usage restrictions and implementation guidance apply to both the selection and use of mobile code installed on servers and mobile code downloaded and executed on individual workstations and devices (e.g., smart phones). Mobile code policy and procedures address preventing the development, acquisition, or introduction of unacceptable mobile code within organizational information systems.

Reference Item Details

Related: AU-12,AU-2,CM-2,CM-6,SI-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P2

Baseline Impact: MODERATE,HIGH

Audit Items

Name | Plugin | Audit Name
1.1 (L1) Ensure 'Open 'safe' files after downloading' is 'Disabled' | Unix | CIS MacOS Safari v2.0.0 L1
1.1 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled' | Windows | CIS IE 9 v1.0.0
1.1.3.2.3 Ensure 'VBA Macro Notification Settings' is set to Enabled (Disable all Except Digitally Signed Macros) | Windows | CIS Microsoft Office Access 2013 v1.0.1
1.1.3.2.3 Ensure 'VBA Macro Notification Settings' is set to Enabled (Disable all Except Digitally Signed Macros) | Windows | CIS Microsoft Office Access 2016 v1.0.1
1.1.3.2.4 Ensure Set 'Disable Trust Bar Notification for unsigned application add-ins ' is set to Enabled | Windows | CIS Microsoft Office Access 2016 v1.0.1
1.1.3.2.4 Ensure Set 'Disable Trust Bar Notification for unsigned application add-ins' is set to Enabled | Windows | CIS Microsoft Office Access 2013 v1.0.1
1.1.4.1.1 Ensure 'Add-on Management' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.2 Ensure 'Bind to object' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.5 Ensure 'Information Bar' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.11 Ensure 'Restrict ActiveX Install' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.1.4.1.14 Ensure 'Scripted Window Security Restrictions' is set to 'Enabled' | Windows | CIS Microsoft Office Enterprise v1.2.0 L1
1.1.5.1 Ensure 'Automatically download attachments' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.1.5.1 Ensure 'Automatically download attachments' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.2 Set 'Allow Active X One Off Forms' to 'Enabled:Load only Outlook Controls' | Windows | CIS MS Office Outlook 2010 v1.0.0
1.2 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled' | Windows | CIS IE 11 v1.0.0
1.2 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled' | Windows | CIS IE 10 v1.1.0
1.2.1.14 Ensure 'Restrict ActiveX Install' is set to Enabled - excel.exe | Windows | CIS Microsoft Office 2016 v1.1.0
1.2.1.14 Ensure 'Restrict ActiveX Install' is set to Enabled - exprwd.exe | Windows | CIS Microsoft Office 2016 v1.1.0
1.2.1.14 Ensure 'Restrict ActiveX Install' is set to Enabled - groove.exe | Windows | CIS Microsoft Office 2016 v1.1.0
1.2.1.14 Ensure 'Restrict ActiveX Install' is set to Enabled - msaccess.exe | Windows | CIS Microsoft Office 2016 v1.1.0
1.2.1.14 Ensure 'Restrict ActiveX Install' is set to Enabled - mse7.exe | Windows | CIS Microsoft Office 2016 v1.1.0
1.2.1.14 Ensure 'Restrict ActiveX Install' is set to Enabled - mspub.exe | Windows | CIS Microsoft Office 2016 v1.1.0
1.10 Set 'Block Trusted Zones' to 'Enabled' | Windows | CIS MS Office Outlook 2010 v1.0.0
1.13 Set 'Display pictures and external content in HTML e-mail' to 'Enabled' | Windows | CIS MS Office Outlook 2010 v1.0.0
1.13.1.1 Ensure 'Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.1.1 Ensure 'Automatically download content for e-mail from people in Safe Senders and Safe Recipients Lists' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.1.2 Ensure 'Block Trusted Zones' is set to Enabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.1.2 Ensure 'Block Trusted Zones' is set to Enabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.1.3 Ensure 'Display pictures and external content in HTML e-mail' is set to Enabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.1.3 Ensure 'Display pictures and external content in HTML e-mail' is set to Enabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.1.4 Ensure 'Do not permit download of content from safe zones' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.1.4 Ensure 'Do not permit download of content from safe zones' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.1.2 Ensure 'Display Level 1 attachments' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.1.2 Ensure 'Display Level 1 attachments' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.1.5 Ensure 'Remove file extensions blocked as Level 1' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.1.5 Ensure 'Remove file extensions blocked as Level 1' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.1.6 Ensure 'Remove file extensions blocked as Level 2' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.1.6 Ensure 'Remove file extensions blocked as Level 2' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.2.1 Ensure 'Allow scripts in one-off Outlook forms' is set to Disabled | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.2.1 Ensure 'Allow scripts in one-off Outlook forms' is set to Disabled | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.4.3 Ensure 'Security Setting for Macros' is set to Enabled:Never warn, disable all | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.3 Ensure 'Security Setting for Macros' is set to Enabled:Never warn, disable all | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.5 Ensure 'Allow Active X One Off Forms' is set to Enabled:Load only Outlook Controls | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.5 Ensure 'Allow Active X One Off Forms' is set to Enabled:Load only Outlook Controls | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.6 Ensure 'Configure Add-In Trust Level' is set to Enabled:Trust all loaded and installed COM addins | Windows | CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.6 Ensure 'Configure Add-In Trust Level' is set to Enabled:Trust all loaded and installed COM addins | Windows | CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.16 Set 'Do not allow Outlook object model scripts to run for shared folders' to 'Enabled' | Windows | CIS MS Office Outlook 2010 v1.0.0
1.18 Set 'Do not permit download of content from safe zones' to 'Disabled' | Windows | CIS MS Office Outlook 2010 v1.0.0
1.104 (L1) Ensure 'Enable upload files from mobile in Microsoft Edge desktop' is set to 'Disabled' | Windows | CIS Microsoft Edge v3.0.0 L1
1.124 (L1) Ensure 'Show the Reload in Internet Explorer mode button in the toolbar' is set to 'Disabled' | Windows | CIS Microsoft Edge v3.0.0 L1