SC-18(1): Identify Unacceptable Code and Take Corrective Actions

Control Family:

System and Communications Protection

Parent Control:

SC-18: Mobile Code

CSF v1.1 References:

DE.CM-5

Threats Addressed:

Tampering

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-18(1): Identify Unacceptable Code / Take Corrective Actions

Control Statement

Identify [Assignment: organization-defined unacceptable mobile code] and take [Assignment: organization-defined corrective actions].

Supplemental Guidance

Corrective actions when unacceptable mobile code is detected include blocking, quarantine, or alerting administrators. Blocking includes preventing the transmission of word processing files with embedded macros when such macros have been determined to be unacceptable mobile code.