OH12-1X-000265 - OHS utilizing mobile code must meet DoD-defined mobile code requirements.

Information

Mobile code in hosted applications allows the developer to add functionality and displays to hosted applications that are fluid, as opposed to a static web page. The data presentation becomes more appealing to the user, is easier to analyze, and navigation through the hosted application and data is much less complicated.

Some mobile code technologies in use in today's applications are: Java, JavaScript, ActiveX, PDF, Postscript, Shockwave movies, Flash animations, and VBScript. The DoD has created policies that define the usage of mobile code on DoD systems. The usage restrictions and implementation guidance apply to both the selection and use of mobile code installed on organizational servers and mobile code downloaded and executed on individual workstations.

The web server may host applications that contain mobile code and therefore, must meet the DoD-defined requirements regarding the deployment and/or use of mobile code. This includes digitally signing applets in order to provide a means for the client to establish application authenticity.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Ensure that any mobile code used by any of the applications hosted on OHS follow DoD policies regarding the acquisition, development, and/or use.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_HTTP_Server_12-1-3_V2R1_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-18(1), CAT|II, CCI|CCI-001166, Rule-ID|SV-221494r415167_rule, STIG-ID|OH12-1X-000265, STIG-Legacy|SV-78937, STIG-Legacy|V-64447, Vuln-ID|V-221494

Plugin: Unix

Control ID: 4ae94ec1938f64017e06d02097be61ba92f0ec15e6eae74f39f9bcf2465bbba4