800-53|SC-18(4)

Title

PREVENT AUTOMATIC EXECUTION

Description

The information system prevents the automatic execution of mobile code in [Assignment: organization-defined software applications] and enforces [Assignment: organization-defined actions] prior to executing the code.

Supplemental

Actions enforced before executing mobile code, include, for example, prompting users prior to opening electronic mail attachments. Preventing automatic execution of mobile code includes, for example, disabling auto execute features on information system components employing portable storage devices such as Compact Disks (CDs), Digital Video Disks (DVDs), and Universal Serial Bus (USB) devices.

Reference Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Parent Title: MOBILE CODE

Family: SYSTEM AND COMMUNICATIONS PROTECTION

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.1.3.2.3 Ensure 'VBA Macro Notification Settings' is set to Enabled (Disable all Except Digitally Signed Macros)WindowsCIS Microsoft Office Access 2016 v1.0.1
1.1.3.2.3 Ensure 'VBA Macro Notification Settings' is set to Enabled (Disable all Except Digitally Signed Macros)WindowsCIS Microsoft Office Access 2013 v1.0.1
1.1.3.2.4 Ensure Set 'Disable Trust Bar Notification for unsigned application add-ins ' is set to EnabledWindowsCIS Microsoft Office Access 2016 v1.0.1
1.1.3.2.4 Ensure Set 'Disable Trust Bar Notification for unsigned application add-ins' is set to EnabledWindowsCIS Microsoft Office Access 2013 v1.0.1
1.1.9 Disable AutomountingUnixCIS Red Hat EL8 Workstation L2 v2.0.0
1.1.9 Disable AutomountingUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.9 Disable AutomountingUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.1.9 Disable AutomountingUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.9 Disable AutomountingUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.9 Disable AutomountingUnixCIS Rocky Linux 8 Workstation L2 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Rocky Linux 8 Workstation L2 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.10 Disable USB Storage - lsmodUnixCIS Red Hat EL8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Red Hat EL8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS CentOS Linux 8 Workstation L2 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS CentOS Linux 8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Red Hat EL8 Server L1 v2.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Rocky Linux 8 Server L1 v1.0.0
1.1.10 Disable USB Storage - modprobeUnixCIS Rocky Linux 8 Workstation L2 v1.0.0
1.1.13 Disable AutomountingUnixCIS Google Container-Optimized OS L1 Server v1.0.0
1.1.21 Disable AutomountingUnixCIS Debian 8 Workstation L2 v2.0.2
1.1.22 Disable AutomountingUnixCIS Oracle Linux 8 Server L1 v1.0.1
1.1.22 Disable AutomountingUnixCIS Oracle Linux 8 Workstation L2 v1.0.1
1.1.23 Disable AutomountingUnixCIS Amazon Linux 2 v2.0.0 L1
1.1.23 Disable AutomountingUnixCIS SUSE Linux Enterprise 15 Workstation L2 v1.1.1
1.1.23 Disable AutomountingUnixCIS Oracle Linux 7 Workstation L2 v3.1.1
1.1.23 Disable AutomountingUnixCIS CentOS 7 v3.1.2 Server L1
1.1.23 Disable AutomountingUnixCIS Red Hat EL7 Server L1 v3.1.1
1.1.23 Disable AutomountingUnixCIS SUSE Linux Enterprise 15 Server L1 v1.1.1
1.1.23 Disable AutomountingUnixCIS Red Hat EL7 Workstation L2 v3.1.1
1.1.23 Disable AutomountingUnixCIS CentOS 7 v3.1.2 Workstation L2
1.1.23 Disable AutomountingUnixCIS Oracle Linux 7 Server L1 v3.1.1
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation
1.1.27 Disable AutomountingUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 L1 Server
1.13.1.4 Ensure 'Do not permit download of content from safe zones' is set to DisabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.1.4 Ensure 'Do not permit download of content from safe zones' is set to DisabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.1.2 Ensure 'Display Level 1 attachments' is set to DisabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.1.2 Ensure 'Display Level 1 attachments' is set to DisabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.3.2.1 Ensure 'Allow scripts in one-off Outlook forms' is set to DisabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.3.2.1 Ensure 'Allow scripts in one-off Outlook forms' is set to DisabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.3 Ensure 'Security Setting for Macros' is set to Enabled:Never warn, disable allWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.3 Ensure 'Security Setting for Macros' is set to Enabled:Never warn, disable allWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.5 Ensure 'Allow Active X One Off Forms' is set to Enabled:Load only Outlook ControlsWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.5 Ensure 'Allow Active X One Off Forms' is set to Enabled:Load only Outlook ControlsWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.6 Ensure 'Configure Add-In Trust Level' is set to Enabled:Trust all loaded and installed COM addinsWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.6 Ensure 'Configure Add-In Trust Level' is set to Enabled:Trust all loaded and installed COM addinsWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.16 Set 'Do not allow Outlook object model scripts to run for shared folders' to 'Enabled'WindowsCIS MS Office Outlook 2010 v1.0.0