STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SC-18 (4) — Mobile Code

CCI-001170

Definition

Prevents the automatic execution of mobile code in organization-defined software applications.

Parent Control

SC-18 (4)Mobile CodeSystem and Communications Protection

Linked STIG Checks (158)

V-213168CAT IIAdobe Reader DC must enable Enhanced Security in a Standalone Application.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213169CAT IIAdobe Reader DC must enable Enhanced Security in a Browser.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213170CAT IIAdobe Reader DC must enable Protected Mode.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213171CAT IIAdobe Reader DC must enable Protected View.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213172CAT IIAdobe Reader DC must Block Websites.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213173CAT IIAdobe Reader DC must block access to Unknown Websites.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213174CAT IIAdobe Reader DC must prevent opening files other than PDF or FDF.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-213175CAT IIAdobe Reader DC must block Flash Content.Adobe Acrobat Reader DC Continuous Track Security Technical Implementation Guide V-278393CAT IINGINX must identify prohibited mobile code.F5 NGINX Security Technical Implementation Guide V-221563CAT IIIExtensions that are approved for use must be allowlisted.Google Chrome Current Windows Security Technical Implementation Guide V-221596CAT IIURLs must be allowlisted for Autoplay use.Google Chrome Current Windows Security Technical Implementation Guide V-205516CAT IIThe Mainframe Product must prevent the automatic execution of mobile code in, at a minimum, office applications, browsers, email clients, mobile code run-time environments, and mobile agent systems.Mainframe Product Security Requirements Guide V-238008CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Access 2016 Security Technical Implementation Guide V-238010CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Access 2016 Security Technical Implementation Guide V-238011CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Access 2016 Security Technical Implementation Guide V-213432CAT IIMicrosoft Defender AV must be configured to disable local setting override for reporting to Microsoft MAPS.Microsoft Defender Antivirus Security Technical Implementation Guide V-213434CAT IIMicrosoft Defender AV must join Microsoft MAPS.Microsoft Defender Antivirus Security Technical Implementation Guide V-213435CAT IIMicrosoft Defender AV must be configured to only send safe samples for MAPS telemetry.Microsoft Defender Antivirus Security Technical Implementation Guide V-213440CAT IIMicrosoft Defender AV must be configured to not allow override of behavior monitoring.Microsoft Defender Antivirus Security Technical Implementation Guide V-213446CAT IIMicrosoft Defender AV must be configured to enable behavior monitoring.Microsoft Defender Antivirus Security Technical Implementation Guide V-213451CAT IIMicrosoft Defender AV must be configured to turn on e-mail scanning.Microsoft Defender Antivirus Security Technical Implementation Guide V-213456CAT IIMicrosoft Defender AV must be configured to block executable content from email client and webmail.Microsoft Defender Antivirus Security Technical Implementation Guide V-213457CAT IIMicrosoft Defender AV must be configured block Office applications from creating child processes.Microsoft Defender Antivirus Security Technical Implementation Guide V-213458CAT IIMicrosoft Defender AV must be configured block Office applications from creating executable content.Microsoft Defender Antivirus Security Technical Implementation Guide V-213459CAT IIMicrosoft Defender AV must be configured to block Office applications from injecting into other processes.Microsoft Defender Antivirus Security Technical Implementation Guide V-213460CAT IIMicrosoft Defender AV must be configured to impede JavaScript and VBScript to launch executables.Microsoft Defender Antivirus Security Technical Implementation Guide V-213461CAT IIMicrosoft Defender AV must be configured to block execution of potentially obfuscated scripts.Microsoft Defender Antivirus Security Technical Implementation Guide V-213462CAT IIMicrosoft Defender AV must be configured to block Win32 imports from macro code in Office.Microsoft Defender Antivirus Security Technical Implementation Guide V-213463CAT IIMicrosoft Defender AV must be configured to prevent user and apps from accessing dangerous websites.Microsoft Defender Antivirus Security Technical Implementation Guide V-278647CAT IIMicrosoft Defender AV must block Adobe Reader from creating child processes.Microsoft Defender Antivirus Security Technical Implementation Guide V-278648CAT IIMicrosoft Defender AV must block credential stealing from the Windows local security authority subsystem.Microsoft Defender Antivirus Security Technical Implementation Guide V-278649CAT IIMicrosoft Defender AV must block untrusted and unsigned processes that run from USB.Microsoft Defender Antivirus Security Technical Implementation Guide V-278650CAT IIMicrosoft Defender AV must use advanced protection against ransomware.Microsoft Defender Antivirus Security Technical Implementation Guide V-278651CAT IIMicrosoft Defender AV must audit process creations originating from PSExec and WMI commands.Microsoft Defender Antivirus Security Technical Implementation Guide V-278652CAT IIMicrosoft Defender AV must audit persistence through WMI event subscription.Microsoft Defender Antivirus Security Technical Implementation Guide V-278653CAT IIMicrosoft Defender AV must audit executable files from running unless they meet a prevalence, age, or trusted list criterion.Microsoft Defender Antivirus Security Technical Implementation Guide V-278654CAT IIMicrosoft Defender AV must block Office communication application from creating child processes.Microsoft Defender Antivirus Security Technical Implementation Guide V-278655CAT IIMicrosoft Defender AV must block abuse of exploited vulnerable signed drivers.Microsoft Defender Antivirus Security Technical Implementation Guide V-278656CAT IIMicrosoft Defender AV must configure local administrator merge behavior for lists.Microsoft Defender Antivirus Security Technical Implementation Guide V-278658CAT IIMicrosoft Defender AV must control whether exclusions are visible to Local Admins.Microsoft Defender Antivirus Security Technical Implementation Guide V-278660CAT IIMicrosoft Defender AV must hide the Family options area.Microsoft Defender Antivirus Security Technical Implementation Guide V-278661CAT IIMicrosoft Defender AV must enable the file hash computation feature.Microsoft Defender Antivirus Security Technical Implementation Guide V-278662CAT IIMicrosoft Defender AV must enable extended cloud check.Microsoft Defender Antivirus Security Technical Implementation Guide V-278672CAT IIMicrosoft Defender AV must enable network protection to be configured into block or audit mode on Windows Server.Microsoft Defender Antivirus Security Technical Implementation Guide V-278674CAT IIMicrosoft Defender AV must enable EDR in block mode.Microsoft Defender Antivirus Security Technical Implementation Guide V-278675CAT IIMicrosoft Defender AV must report Dynamic Signature dropped events.Microsoft Defender Antivirus Security Technical Implementation Guide V-278677CAT IIMicrosoft Defender AV must convert warn verdict to block.Microsoft Defender Antivirus Security Technical Implementation Guide V-278678CAT IIMicrosoft Defender AV must enable asynchronous inspection.Microsoft Defender Antivirus Security Technical Implementation Guide V-278863CAT IIMicrosoft Defender AV must set cloud protection level to High.Microsoft Defender Antivirus Security Technical Implementation Guide V-238155CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Excel 2016 Security Technical Implementation Guide V-238168CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Excel 2016 Security Technical Implementation Guide V-238173CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Excel 2016 Security Technical Implementation Guide V-238180CAT IIAll automatic loading from trusted locations must be disabled.Microsoft Excel 2016 Security Technical Implementation Guide V-238181CAT IIDisallowance of trusted locations on the network must be enforced.Microsoft Excel 2016 Security Technical Implementation Guide V-238183CAT IIThe scanning of encrypted macros in open XML documents must be enforced.Microsoft Excel 2016 Security Technical Implementation Guide V-238184CAT IIMacro storage must be in personal macro workbooks.Microsoft Excel 2016 Security Technical Implementation Guide V-238188CAT IIFiles in unsafe locations must be opened in Protected View.Microsoft Excel 2016 Security Technical Implementation Guide V-238189CAT IIDocument behavior if file validation fails must be set.Microsoft Excel 2016 Security Technical Implementation Guide V-238190CAT IIExcel attachments opened from Outlook must be in Protected View.Microsoft Excel 2016 Security Technical Implementation Guide V-238194CAT IIMacros must be blocked from running in Office files from the Internet.Microsoft Excel 2016 Security Technical Implementation Guide V-238195CAT IIFiles on local Intranet UNC must be opened in Protected View.Microsoft Excel 2016 Security Technical Implementation Guide V-223019CAT IIThe Initialize and script ActiveX controls not marked as safe property must be disallowed (Internet zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223041CAT IIPrevent per-user installation of ActiveX controls must be enabled.Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223045CAT IIThe Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223046CAT IIThe Initialize and script ActiveX controls not marked as safe must be disallowed (Trusted Sites Zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223057CAT IIThe Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223059CAT IIActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223076CAT IISoftware must be disallowed to run or install with invalid signatures.Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223134CAT IIActiveX controls without prompt property must be used in approved domains only (Internet zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223140CAT IIActiveX controls without prompt property must be used in approved domains only (Restricted Sites zone).Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223280CAT IIMacros must be blocked from running in Access files from the Internet.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223284CAT IIThe Macro Runtime Scan Scope must be enabled for all documents.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223289CAT IIMacros in all Office applications that are opened programmatically by another application must be opened based upon macro security level.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223298CAT IIUser name and password must be disabled in all Office programs.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223302CAT IINavigate URL must be enabled in all Office programs.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223307CAT IIThe Save from URL feature must be enabled in all Office programs.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223310CAT IITrusted Locations on the network must be disabled in Excel.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223328CAT IIUpdating of links in Excel must be prompted and not automatic.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223333CAT IIScan of encrypted macros in Excel Open XML workbooks must be enabled.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223336CAT IIMacros must be blocked from running in Excel files from the Internet.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223341CAT IIFiles from unsafe locations must be opened in Excel in Protected View mode.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223342CAT IIFiles failing file validation must be opened in Excel in Protected view mode and disallow edits.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223343CAT IIFile attachments from Outlook must be opened in Excel in Protected mode.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223348CAT IIScripts associated with public folders must be prevented from execution in Outlook.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223349CAT IIScripts associated with shared folders must be prevented from execution in Outlook.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223352CAT IIActive X One-Off forms must only be enabled to load with Outlook Controls.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223364CAT IIOutlook must be configured to not run scripts in forms in which the script and the layout are contained within the message.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223374CAT IITrusted Locations on the network must be disabled in Project.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223378CAT IIThe ability to run programs from PowerPoint must be disabled.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223381CAT IIEncrypted macros in PowerPoint Open XML presentations must be scanned.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223382CAT IIFile validation in PowerPoint must be enabled.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223383CAT IIMacros from the Internet must be blocked from running in PowerPoint.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223388CAT IIIf file validation fails, files must be opened in Protected view in PowerPoint with ability to edit disabled.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223389CAT IIThe use of network locations must be ignored in PowerPoint.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223394CAT IITrusted Locations on the network must be disabled in Visio.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223399CAT IIMacros must be blocked from running in Visio files from the Internet.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223401CAT IIIn Word, encrypted macros must be scanned.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223415CAT IIIn Word, macros must be blocked from running, even if Enable all macros is selected in the Macro Settings section of the Trust Center.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-223416CAT IITrusted Locations on the network must be disabled in Word.Microsoft Office 365 ProPlus Security Technical Implementation Guide V-238032CAT IIAutomation Security to enforce macro level security in Office documents must be configured.Microsoft Office System 2016 Security Technical Implementation Guide V-238039CAT IIThe ability to create an online presentation programmatically must be disabled.Microsoft Office System 2016 Security Technical Implementation Guide V-215529CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft OneDrive Security Technical Implementation Guide V-215531CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft OneDrive Security Technical Implementation Guide V-215532CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft OneDrive Security Technical Implementation Guide V-238044CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft OneNote 2016 Security Technical Implementation Guide V-238046CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft OneNote 2016 Security Technical Implementation Guide V-238047CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft OneNote 2016 Security Technical Implementation Guide V-228419CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Outlook 2016 Security Technical Implementation Guide V-228421CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Outlook 2016 Security Technical Implementation Guide V-228422CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Outlook 2016 Security Technical Implementation Guide V-228433CAT IIOutlook Object Model scripts must be disallowed to run for shared folders.Microsoft Outlook 2016 Security Technical Implementation Guide V-228434CAT IIOutlook Object Model scripts must be disallowed to run for public folders.Microsoft Outlook 2016 Security Technical Implementation Guide V-228435CAT IIActiveX One-Off forms must be configured.Microsoft Outlook 2016 Security Technical Implementation Guide V-228436CAT IIThe Add-In Trust Level must be configured.Microsoft Outlook 2016 Security Technical Implementation Guide V-228438CAT IIUsers customizing attachment security settings must be prevented.Microsoft Outlook 2016 Security Technical Implementation Guide V-228443CAT IIScripts in One-Off Outlook forms must be disallowed.Microsoft Outlook 2016 Security Technical Implementation Guide V-238054CAT IIDisabling of user name and password syntax from being used in URLs must be enforced in PowerPoint.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238057CAT IIThe Saved from URL mark must be selected to enforce Internet zone processing in PowerPoint.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238060CAT IINavigation to URLs embedded in Office products must be blocked in PowerPoint.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238067CAT IIAll automatic loading from trusted locations must be disabled.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238068CAT IIDisallowance of trusted locations on the network must be enforced.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238070CAT IIThe scanning of encrypted macros in open XML documents must be enforced.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238074CAT IIFiles in unsafe locations must be opened in Protected View.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238075CAT IIThe ability to run programs from a PowerPoint presentation must be disallowed.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238076CAT IIDocument behavior if file validation fails must be set.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238077CAT IIAttachments opened from Outlook must be in Protected View.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238079CAT IIDisabling of user name and password syntax from being used in URLs must be enforced in PowerPoint Viewer.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238081CAT IIThe Saved from URL mark must be selected to enforce Internet zone processing in PowerPoint Viewer.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238082CAT IINavigation to URLs embedded in Office products must be blocked in PowerPoint Viewer.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238089CAT IIMacros must be blocked from running in Office files from the Internet.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-238090CAT IIFiles on local Intranet UNC must be opened in Protected View.Microsoft PowerPoint 2016 Security Technical Implementation Guide V-70703CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Project 2016 Security Technical Implementation Guide V-70707CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Project 2016 Security Technical Implementation Guide V-70709CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Project 2016 Security Technical Implementation Guide V-70727CAT IIUntrusted intranet zone access to Project servers must not be allowed.Microsoft Project 2016 Security Technical Implementation Guide V-238482CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Publisher 2016 Security Technical Implementation Guide V-238484CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Publisher 2016 Security Technical Implementation Guide V-238485CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Publisher 2016 Security Technical Implementation Guide V-238496CAT IIThe Publisher Automation Security Level must be configured for high security.Microsoft Publisher 2016 Security Technical Implementation Guide V-238108CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Visio 2016 Security Technical Implementation Guide V-238110CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Visio 2016 Security Technical Implementation Guide V-238111CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Visio 2016 Security Technical Implementation Guide V-238121CAT IIDisabling of user name and password syntax from being used in URLs must be enforced.Microsoft Word 2016 Security Technical Implementation Guide V-238124CAT IISaved from URL mark to assure Internet zone processing must be enforced.Microsoft Word 2016 Security Technical Implementation Guide V-238127CAT IINavigation to URLs embedded in Office products must be blocked.Microsoft Word 2016 Security Technical Implementation Guide V-238134CAT IIAll automatic loading from trusted locations must be disabled.Microsoft Word 2016 Security Technical Implementation Guide V-238135CAT IIDisallowance of trusted locations on the network must be enforced.Microsoft Word 2016 Security Technical Implementation Guide V-238137CAT IIForce encrypted macros to be scanned in open XML documents must be determined and configured.Microsoft Word 2016 Security Technical Implementation Guide V-238141CAT IIFiles in unsafe locations must be opened in Protected View.Microsoft Word 2016 Security Technical Implementation Guide V-238142CAT IIDocument behavior if file validation fails must be set.Microsoft Word 2016 Security Technical Implementation Guide V-238143CAT IIAttachments opened from Outlook must be in Protected View.Microsoft Word 2016 Security Technical Implementation Guide V-238144CAT IIThe automatically update links feature must be disabled.Microsoft Word 2016 Security Technical Implementation Guide V-238146CAT IIOnline translation dictionaries must not be used.Microsoft Word 2016 Security Technical Implementation Guide V-238153CAT IIMacros must be blocked from running in Office files from the Internet.Microsoft Word 2016 Security Technical Implementation Guide V-238154CAT IIFiles on local Intranet UNC must be opened in Protected View.Microsoft Word 2016 Security Technical Implementation Guide V-219972CAT IIThe operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.Solaris 11 SPARC Security Technical Implementation Guide V-219973CAT IIThe system must restrict the ability of users to assume excessive privileges to members of a defined group and prevent unauthorized users from accessing administrative tools.Solaris 11 SPARC Security Technical Implementation Guide V-220000CAT IIThe operating system must disable information system functionality that provides the capability for automatic execution of code on mobile devices without user direction.Solaris 11 X86 Security Technical Implementation Guide