SC.L2-3.13.13—Mobile Code
Level 2
800-171: 3.13.13
Control Description
Control and monitor the use of mobile code.
Cross-Framework Mappings
Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- What is your mobile code policy (JavaScript, ActiveX, etc.)?
- What types of mobile code are permitted or prohibited?
- How do you control and monitor mobile code usage?
- What is your process for approving use of mobile code technologies?
Technical Implementation:
- What web filtering controls mobile code execution?
- What browser security settings restrict mobile code?
- What application control limits mobile code?
- What sandbox technologies contain mobile code?
- What logging captures mobile code execution?
Evidence & Documentation:
- What network diagrams show boundary protection architecture?
- What firewall rule sets and configurations can you provide?
- What encryption implementation documentation shows FIPS-validated crypto?
- What key management procedures can you provide?
- What network segmentation documentation shows proper separation?
- What evidence shows cryptographic mechanisms protect CUI?
- What configuration documentation shows security controls are properly implemented?