mobile-code-03-13-13-mobile-code
Define acceptable mobile code and mobile code technologies.
| Field | Value |
|---|---|
| name | Mobile Code (03.13.13)_mobile-code |
| description | Define acceptable mobile code and mobile code technologies. |
| category | configuration |
| version | 3.0 |
| author | cyberstrike-official |
| tags | ["nist","sp800-171","rev3","mobile code (03-13-13)","family-03.13","cui-protection","cmmc"] |
| tech_stack | ["aws","azure","gcp","linux","windows","network"] |
| cwe_ids | ["CWE-311"] |
| chains_with | [] |
| prerequisites | [] |
| severity_boost | {} |
- Family: System and Communications Protection
- Framework: NIST SP 800-171 Rev 3
- Applicability: Systems processing, storing, or transmitting CUI
Define acceptable mobile code and mobile code technologies. Authorize, monitor, and control the use of mobile code.
Examine the SSP for Mobile Code (03.13.13) implementation description and responsible parties.
```bash
# Verify security controls protecting CUI
# Check access controls, encryption, monitoring as applicable

# For Linux systems:
ls -la /etc/security/ 2>/dev/null
grep -r "CUI\|controlled" /etc/security/ 2>/dev/null

# For cloud:
# Use cloud-audit-mcp tools to assess posture
```
Verify this requirement passes CMMC Level 2 assessment methodology per SP 800-171A Rev 3.
| Tool | Purpose | Usage |
|---|---|---|
| cloud-audit-mcp | Assess cloud CUI environment | cloud_audit_* tools |
| Manual Review | SSP and POA&M review | Documentation analysis |
Mobile code includes software programs or parts of programs that are obtained from remote systems, transmitted across a network, and executed on a local system without explicit installation or execution by the recipient. Decisions regarding the use of mobile code are based on the potential for the code to cause damage to the system if used maliciously. Mobile code technologies include Java applets, JavaScript, HTML5, VBScript, and WebGL. Usage restrictions and implementation guidelines apply to the selection and use of mobile code installed on servers and downloaded and executed on individual workstations and devices, including notebook computers, smart phones, and smart devices. Mobile code policies and procedures address the actions taken to prevent the development, acquisition, and use of unacceptable mobile code within the system, including requiring mobile code to be digitally signed by a trusted source.
| Finding | Severity | Impact |
|---|---|---|
| Mobile Code (03.13.13) not implemented | High | CUI Protection - System and Communications Protection |
| Mobile Code (03.13.13) partially implemented (POA&M) | Medium | CMMC certification risk |
| CWE ID | Title |
|---|---|
| CWE-311 | Missing Encryption of Sensitive Data |