Documentation - V-222618

V-222618

Application Security and Development Security Technical Implementation Guide

CAT II

Title

Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy.

Description

<VulnDiscussion>Use of un-trusted Level 1A mobile code technologies can introduce security vulnerabilities and malicious code into the client system. 1A code is defined as: - ActiveX controls - Mobile code script (JavaScript, VBScript) - Windows Scripting Host (WSH) (downloaded via URL or email) When JavaScript and VBScript execute within the browser they are Category 3, however, when they execute in WSH, they are 1A.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNeg...

Fix Text (Documentation Requirement)

Configure the application so Category 1A mobile code is signed.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel