STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

CCI-001166

Definition

Identify organization-defined unacceptable mobile code.

Parent Control

SC-18 (1) Mobile Code (System and Communications Protection)

Linked STIG Checks (42)

  • V-213168, CAT II: Adobe Reader DC must enable Enhanced Security in a Standalone Application. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213169, CAT II: Adobe Reader DC must enable Enhanced Security in a Browser. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213170, CAT II: Adobe Reader DC must enable Protected Mode. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213171, CAT II: Adobe Reader DC must enable Protected View. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213172, CAT II: Adobe Reader DC must Block Websites. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213173, CAT II: Adobe Reader DC must block access to Unknown Websites. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213174, CAT II: Adobe Reader DC must prevent opening files other than PDF or FDF. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-213175, CAT II: Adobe Reader DC must block Flash Content. (Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide)
  • V-214278, CAT II: The Apache web server must use encryption strength in accordance with the categorization of data hosted by the Apache web server when remote connections are provided. (Apache Server 2.4 UNIX Site Security Technical Implementation Guide)
  • V-204956, CAT II: The ALG must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Application Layer Gateway Security Requirements Guide)
  • V-222618, CAT II: Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy. (Application Security and Development Security Technical Implementation Guide)
  • V-204760, CAT II: The application server must identify prohibited mobile code. (Application Server Security Requirements Guide)
  • V-237371, CAT II: The CA API Gateway must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (CA API Gateway ALG Security Technical Implementation Guide)
  • V-239883, CAT II: The Cisco ASA must be configured to use Advanced Malware Protection (AMP) features to detect and block the transmission of malicious software and malware. (Cisco ASA IPS Security Technical Implementation Guide)
  • V-270947, CAT I: Dragos Platforms must limit privileges and not allow the ability to run shell. (Dragos Platform 2.x Security Technical Implementation Guide)
  • V-278393, CAT II: NGINX must identify prohibited mobile code. (F5 NGINX Security Technical Implementation Guide)
  • V-221559, CAT II: Site tracking users location must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-221580, CAT II: Safe Browsing must be enabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-221590, CAT II: Safe Browsing Extended Reporting must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-221597, CAT II: Anonymized data collection must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-221598, CAT II: Collection of WebRTC event logs must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-226401, CAT II: Guest Mode must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-226402, CAT II: AutoFill for credit cards must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-226403, CAT II: AutoFill for addresses must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-226404, CAT II: Import AutoFill form data must be disabled. (Google Chrome Current Windows Security Technical Implementation Guide)
  • V-55343, CAT II: The IDPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide)
  • V-206882, CAT II: The IDPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Intrusion Detection and Prevention Systems Security Requirements Guide)
  • V-66403, CAT II: The Juniper Networks SRX Series Gateway IDPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Juniper SRX SG IDPS Security Technical Implementation Guide)
  • V-66403, CAT II: The Juniper Networks SRX Series Gateway IDPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Juniper SRX SG IDPS Security Technical Implementation Guide)
  • V-214617, CAT II: The Juniper Networks SRX Series Gateway IDPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Juniper SRX Services Gateway IDPS Security Technical Implementation Guide)
  • V-205513, CAT II: The Mainframe Product must identify prohibited mobile code. (Mainframe Product Security Requirements Guide)
  • V-218801, CAT II: Java software installed on a production IIS 10.0 web server must be limited to .class files and the Java Virtual Machine. (Microsoft IIS 10.0 Server Security Technical Implementation Guide)
  • V-223101, CAT II: Internet Explorer Processes for MIME handling must be enforced. (Reserved) (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-223102, CAT II: Internet Explorer Processes for MIME handling must be enforced (Explorer). (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-223103, CAT II: Internet Explorer Processes for MIME handling must be enforced (iexplore). (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-223104, CAT II: Internet Explorer Processes for MIME sniffing must be enforced (Reserved). (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-223105, CAT II: Internet Explorer Processes for MIME sniffing must be enforced (Explorer). (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-223106, CAT II: Internet Explorer Processes for MIME sniffing must be enforced (iexplore). (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-223125, CAT II: Managing SmartScreen Filter use must be enforced. (Microsoft Internet Explorer 11 Security Technical Implementation Guide)
  • V-221494, CAT II: OHS utilizing mobile code must meet DoD-defined mobile code requirements. (Oracle HTTP Server 12.1.3 Security Technical Implementation Guide)
  • V-242189, CAT II: The TPS must detect, at a minimum, mobile code that is unsigned or exhibiting unusual behavior, has not undergone a risk assessment, or is prohibited for use based on a risk assessment. (Trend Micro TippingPoint IDPS Security Technical Implementation Guide)
  • V-206392, CAT II: A web server utilizing mobile code must meet DoD-defined mobile code requirements. (Web Server Security Requirements Guide)