SC-18(4): Prevent Automatic Execution

Control Family:

System And Communications Protection

Parent Control:

SC-18: Mobile Code

Priority:

P2: Implement P2 security controls after implementation of P1 controls.

CSF v1.1 References:

DE.CM-5

Threats Addressed:

Tampering

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SC-18(4): Prevent Automatic Execution

Control Statement

The information system prevents the automatic execution of mobile code in [Assignment: organization-defined software applications] and enforces [Assignment: organization-defined actions] prior to executing the code.

Supplemental Guidance

Actions enforced before executing mobile code, include, for example, prompting users prior to opening electronic mail attachments. Preventing automatic execution of mobile code includes, for example, disabling auto execute features on information system components employing portable storage devices such as Compact Disks (CDs), Digital Video Disks (DVDs), and Universal Serial Bus (USB) devices.