CMMC Practice SC.L2-3.13.13 – Mobile Code: Control and monitor the use of mobile code.
Links to Publicly Available Resources
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Ensure mobile code such as Java, ActiveX, Flash is authorized to execute on the network in accordance to the organization’s policy and technical configuration, and unauthorized mobile code is not. Then monitor the use of mobile code through boundary devices, audit of configurations, and implement remediation activities as needed.