STIGhub
STIGs
RMF Controls
Compare
← SC-18 (4) — Mobile Code
CCI-002460
Definition
Enforce organization-defined actions prior to executing mobile code.
Parent Control
SC-18 (4)
Mobile Code
System and Communications Protection
Linked STIG Checks (35)
V-205599
CAT II
The Mainframe Product must prompt the user for action prior to executing mobile code.
Mainframe Product Security Requirements Guide
V-238016
CAT II
The configuration for enabling of hyperlinks must be enforced.
Microsoft Access 2016 Security Technical Implementation Guide
V-238019
CAT II
Database functionality configurations must be displayed to the user.
Microsoft Access 2016 Security Technical Implementation Guide
V-238022
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Access 2016 Security Technical Implementation Guide
V-238187
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Excel 2016 Security Technical Implementation Guide
V-223288
CAT II
ActiveX Controls must be initialized in Safe Mode.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223305
CAT II
ActiveX installation restriction must be enabled in all Office programs.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223309
CAT II
Flash player activation must be disabled in all Office programs.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223329
CAT II
Loading of pictures from Web pages not created in Excel must be disabled.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223365
CAT II
When a custom action is executed that uses the Outlook object model, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223366
CAT II
When an untrusted program attempts to programmatically access an Address Book using the Outlook object model, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223367
CAT II
When a user designs a custom form in Outlook and attempts to bind an Address Information field to a combination or formula custom field, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223368
CAT II
When an untrusted program attempts to use the Save As command to programmatically save an item, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223369
CAT II
When an untrusted program attempts to gain access to a recipient field, such as the, To: field, using the Outlook object model, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223370
CAT II
When an untrusted program attempts to programmatically send e-mail in Outlook using the Response method of a task or meeting request, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-223371
CAT II
When an untrusted program attempts to send e-mail programmatically using the Outlook object model, Outlook must automatically deny it.
Microsoft Office 365 ProPlus Security Technical Implementation Guide
V-238030
CAT II
ActiveX control initialization must be disabled.
Microsoft Office System 2016 Security Technical Implementation Guide
V-215538
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft OneDrive Security Technical Implementation Guide
V-238053
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft OneNote 2016 Security Technical Implementation Guide
V-228428
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228444
CAT II
Custom Outlook Object Model (OOM) action execution prompts must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228445
CAT II
Object Model Prompt for programmatic email send behavior must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228446
CAT II
Object Model Prompt behavior for programmatic address books must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228447
CAT II
Object Model Prompt behavior for programmatic access of user address data must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228448
CAT II
Object Model Prompt behavior for Meeting and Task Responses must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228449
CAT II
Object Model Prompt behavior for the SaveAs method must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-228450
CAT II
Object Model Prompt behavior for accessing User Property Formula must be configured.
Microsoft Outlook 2016 Security Technical Implementation Guide
V-238073
CAT II
ActiveX Installs must be configured for proper restriction in PowerPoint.
Microsoft PowerPoint 2016 Security Technical Implementation Guide
V-238088
CAT II
ActiveX Installs must be configured for proper restriction in PowerPoint Viewer.
Microsoft PowerPoint 2016 Security Technical Implementation Guide
V-70725
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Project 2016 Security Technical Implementation Guide
V-238493
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Publisher 2016 Security Technical Implementation Guide
V-238119
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Visio 2016 Security Technical Implementation Guide
V-238140
CAT II
ActiveX Installs must be configured for proper restriction.
Microsoft Word 2016 Security Technical Implementation Guide
V-254886
CAT II
The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.
Tanium 7.x Application on TanOS Security Technical Implementation Guide
V-253841
CAT II
The Tanium Action Approval feature must be enabled for two-person integrity when deploying actions to endpoints.
Tanium 7.x Security Technical Implementation Guide