SC-18(3)—Mobile Code | Prevent Downloading and Execution

IL5

IL6

>Control Description

Prevent the download and execution of ⚙organization-defined unacceptable mobile code.

>DoD Impact Level Requirements

DoD FedRAMP+ Parameters

Supplemental guidance: For the protection of the infrastructure supporting a CSO, CSPs should apply this control to their organizational IT systems and the infrastructure supporting their CSO(s). For the protection of Mission Owners, their end users, and networks, CSP CSOs must not support the downloading of mobile code, which is deemed unacceptable to DOD. Refer to Section 5.11, Mobile Code, for more information.

>Discussion

None.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

•What policies govern the implementation of prevent downloading and execution?
•How are system and communications protection requirements defined and maintained?
•Who is responsible for configuring and maintaining the security controls specified in SC-18(3)?

Technical Implementation:

•How is prevent downloading and execution technically implemented in your environment?
•What systems, tools, or configurations enforce this protection requirement?
•How do you ensure that prevent downloading and execution remains effective as the system evolves?

Evidence & Documentation:

•What documentation demonstrates the implementation of SC-18(3)?
•Can you provide configuration evidence or system diagrams showing this protection control?
•What logs or monitoring data verify that this control is functioning correctly?

Ask AI

Configure your API key to use AI features.