800-53|SC-18(1)

Title

IDENTIFY UNACCEPTABLE CODE / TAKE CORRECTIVE ACTIONS

Description

The information system identifies [Assignment: organization-defined unacceptable mobile code] and takes [Assignment: organization-defined corrective actions].

Supplemental

Corrective actions when unacceptable mobile code is detected include, for example, blocking, quarantine, or alerting administrators. Blocking includes, for example, preventing transmission of word processing files with embedded macros when such macros have been defined to be unacceptable mobile code.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: MOBILE CODE

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.6 Set 'Select SmartScreen Filter mode for Internet Explorer 9' to 'Enabled:On'WindowsCIS IE 9 v1.0.0
7.3 Set 'Mime Sniffing Safety Feature' to 'Enabled'WindowsCIS IE 11 v1.0.0
7.3 Set 'Mime Sniffing Safety Feature' to 'Enabled'WindowsCIS IE 10 v1.1.0
7.4 Set 'Consistent Mime Handling' to 'Enabled' - (Reserved)WindowsCIS IE 9 v1.0.0
7.4 Set 'Consistent Mime Handling' to 'Enabled' - explorer.exeWindowsCIS IE 9 v1.0.0
7.4 Set 'Consistent Mime Handling' to 'Enabled' - iexplore.exeWindowsCIS IE 9 v1.0.0
7.6 Set 'Consistent Mime Handling' to 'Enabled'WindowsCIS IE 10 v1.1.0
7.6 Set 'Consistent Mime Handling' to 'Enabled'WindowsCIS IE 11 v1.0.0
7.7 Set 'Mime Sniffing Safety Feature' to 'Enabled' - (Reserved)WindowsCIS IE 9 v1.0.0
7.7 Set 'Mime Sniffing Safety Feature' to 'Enabled' - explorer.exeWindowsCIS IE 9 v1.0.0
7.7 Set 'Mime Sniffing Safety Feature' to 'Enabled' - iexplore.exeWindowsCIS IE 9 v1.0.0
8.1.34 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled'WindowsCIS IE 11 v1.0.0
8.2.4 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled'WindowsCIS IE 11 v1.0.0
8.3.42 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled'WindowsCIS IE 11 v1.0.0
8.4.3 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled'WindowsCIS IE 11 v1.0.0
8.5.3 Set 'Don't run antimalware programs against ActiveX controls' to 'Enabled:Disabled'WindowsCIS IE 11 v1.0.0
ARDC-CL-000005 - Adobe Reader DC must enable Enhanced Security in a Standalone Application.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000010 - Adobe Reader DC must enable Enhanced Security in a Browser.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000015 - Adobe Reader DC must enable Protected Mode.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000020 - Adobe Reader DC must enable Protected View.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000025 - Adobe Reader DC must Block Websites.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000030 - Adobe Reader DC must block access to Unknown Websites.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000035 - Adobe Reader DC must prevent opening files other than PDF or FDF.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CL-000045 - Adobe Reader DC must block Flash Content.WindowsDISA STIG Adobe Acrobat Reader DC Classic Track v2r1
ARDC-CN-000005 - Adobe Reader DC must enable Enhanced Security in a Standalone Application.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000010 - Adobe Reader DC must enable Enhanced Security in a Browser.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000015 - Adobe Reader DC must enable Protected Mode.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000020 - Adobe Reader DC must enable Protected View.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000025 - Adobe Reader DC must Block Websites.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000030 - Adobe Reader DC must block access to Unknown Websites.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000035 - Adobe Reader DC must prevent opening files other than PDF or FDF.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
ARDC-CN-000045 - Adobe Reader DC must block Flash Content.WindowsDISA STIG Adobe Acrobat Reader DC Continuous Track v2r1
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - ssl_moduleUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r2 Middleware
AS24-U2-000030 - The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided - SSLProtocolUnixDISA STIG Apache Server 2.4 Unix Site v2r2
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLEngineWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
AS24-W2-000890 - An Apache web server must maintain the confidentiality of controlled information during transmission through the use of an approved TLS version - SSLProtocolWindowsDISA STIG Apache Server 2.4 Windows Site v2r1
DTAM004 - McAfee VirusScan On-Access General Policies must be configured to notify local users when detections occur.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM004 - McAfee VirusScan On-Access Scanner General Settings must be configured to notify local users when detections occur.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM022 - McAfee VirusScan On-Delivery Email Scan Policies must be configured to find unknown program threats and Trojans.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM022 - McAfee VirusScan On-Delivery Email Scanner must be configured to find unknown program threats and trojans.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM023 - McAfee VirusScan On Delivery Email Scan Policies must be configured to find unknown macro threats.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM023 - McAfee VirusScan On Delivery Email Scanner Properties must be configured to find unknown macro threats.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTBC-0002 - Site tracking users location must be disabled.WindowsDISA STIG Google Chrome v2r6
DTBC-0038 - Safe Browsing must be enabled,WindowsDISA STIG Google Chrome v2r6
DTBC-0057 - Safe Browsing Extended Reporting must be disabled.WindowsDISA STIG Google Chrome v2r6
DTBC-0066 - Anonymized data collection must be disabled.WindowsDISA STIG Google Chrome v2r6
DTBC-0067 - Collection of WebRTC event logs must be disabled.WindowsDISA STIG Google Chrome v2r6
DTBC-0069 - Guest Mode must be disabled.WindowsDISA STIG Google Chrome v2r6