800-53|SC-18

Title

MOBILE CODE

Description

The organization:

Supplemental

Decisions regarding the employment of mobile code within organizational information systems are based on the potential for the code to cause damage to the systems if used maliciously. Mobile code technologies include, for example, Java, JavaScript, ActiveX, Postscript, PDF, Shockwave movies, Flash animations, and VBScript. Usage restrictions and implementation guidance apply to both the selection and use of mobile code installed on servers and mobile code downloaded and executed on individual workstations and devices (e.g., smart phones). Mobile code policy and procedures address preventing the development, acquisition, or introduction of unacceptable mobile code within organizational information systems.

Reference Item Details

Related: AU-12, AU-2, CM-2, CM-6, SI-3

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Priority: P2

Baseline Impact: MODERATE, HIGH

Audit Items


Name | Plugin | Audit Name
1.2 Set 'Allow software to run or install even if the signature is invalid' to 'Disabled' | Windows | CIS IE 10 v1.1.0
1.4 Set 'Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet' to 'Enabled' | Windows | CIS IE 10 v1.1.0
2.1 Set 'Prevent per-user installation of ActiveX controls' to 'Enabled' | Windows | CIS IE 10 v1.1.0
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | AirWatch - CIS Apple iPadOS 17 v1.1.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | MobileIron - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | MobileIron - CIS Apple iOS 18 v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | AirWatch - CIS Apple iOS 17 Benchmark v1.1.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | MobileIron - CIS Apple iOS 17 v1.1.0 End User Owned L1
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | AirWatch - CIS Apple iOS 18 Benchmark v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | AirWatch - CIS Apple iPadOS 18 v1.0.0 L1 End User Owned
2.2.2.1 Ensure 'Force fraud warning' is set to 'Enabled' | MDM | MobileIron - CIS Apple iPadOS 17 v1.1.0 End User Owned L1
2.5 Set 'Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled' to 'Enabled' | Windows | CIS IE 10 v1.1.0
7.1 Set 'Restrict ActiveX Install' to 'Enabled' | Windows | CIS IE 10 v1.1.0
7.1.1 Ensure Protect Mail Activity in Mail Is Enabled | Unix | CIS Apple macOS 10.15 Catalina v3.0.0 L2
7.1.1 Ensure Protect Mail Activity in Mail Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L2
7.2.4 Ensure Warn When Visiting A Fraudulent Website in Safari Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.2.10 Ensure Pop-up Windows Are Blocked | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.2.12 Ensure Show Status Bar Is Enabled | Unix | CIS Apple macOS 11.0 Big Sur v4.0.0 L1
7.3 Set 'Mime Sniffing Safety Feature' to 'Enabled' | Windows | CIS IE 10 v1.1.0
7.4 Disable Popups Initiated by Plugins | Windows | CIS Mozilla Firefox 102 ESR Windows L1 v1.0.0
7.4 Disable Popups Initiated by Plugins | Unix | CIS Mozilla Firefox 102 ESR Linux L1 v1.0.0
7.6 Set 'Consistent Mime Handling' to 'Enabled' | Windows | CIS IE 10 v1.1.0
8.1.5 Set 'Run .NET Framework-reliant components signed with Authenticode' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.8 Set 'Only allow approved domains to use ActiveX controls without prompt' to 'Enabled:Enable' | Windows | CIS IE 10 v1.1.0
8.1.10 Set 'Run .NET Framework-reliant components not signed with Authenticode' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.12 Set 'Download unsigned ActiveX controls' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.13 Set 'Download signed ActiveX controls' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.14 Set 'Allow font downloads' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.18 Set 'XAML Files' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.19 Set 'Initialize and script ActiveX controls not marked as safe' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.22 Set 'Access data sources across domains' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.26 Set 'Enable dragging of content from different domains within a window' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.28 Set 'Enable dragging of content from different domains across windows' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.1.34 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | Windows | CIS IE 11 v1.0.0
8.2.2 Set 'Initialize and script ActiveX controls not marked as safe' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.2.4 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | Windows | CIS IE 11 v1.0.0
8.3.3 Set 'Download signed ActiveX controls' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.4 Set 'Script ActiveX controls marked safe for scripting' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.14 Set 'XAML Files' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.15 Set 'Allow font downloads' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.21 Set 'Download unsigned ActiveX controls' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.24 Set 'Only allow approved domains to use ActiveX controls without prompt' to 'Enabled:Enable' | Windows | CIS IE 10 v1.1.0
8.3.26 Set 'Run ActiveX controls and plugins' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.27 Set 'Run .NET Framework-reliant components not signed with Authenticode' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.35 Set 'Enable dragging of content from different domains within a window' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.37 Set 'Access data sources across domains' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.40 Set 'Enable dragging of content from different domains across windows' to 'Enabled:Disable' | Windows | CIS IE 10 v1.1.0
8.3.42 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled' | Windows | CIS IE 11 v1.0.0
18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.8.1 Ensure 'Disallow Autoplay for non-volume devices' is set to 'Enabled' | Windows | CIS Windows 7 Workstation Level 1 v3.2.0