SC-18(4): Prevent Automatic Execution

Control Family:

System and Communications Protection

Parent Control:

SC-18: Mobile Code

CSF v1.1 References:

DE.CM-5

Threats Addressed:

Tampering

Baselines:

(Not part of any baseline)

Previous Version:

NIST Special Publication 800-53 Revision 4:
SC-18(4): Prevent Automatic Execution

Control Statement

Prevent the automatic execution of mobile code in [Assignment: organization-defined software applications] and enforce [Assignment: organization-defined actions] prior to executing the code.

Supplemental Guidance

Actions enforced before executing mobile code include prompting users prior to opening email attachments or clicking on web links. Preventing the automatic execution of mobile code includes disabling auto-execute features on system components that employ portable storage devices, such as compact discs, digital versatile discs, and universal serial bus devices.