Does your organization have controls in place to detect unauthorized mobile code execution within your environment?
Explanation
Mobile code (JavaScript, ActiveX, Flash, etc.) can introduce security risks when executed without proper validation or authorization. Detection mechanisms should identify when unauthorized mobile code attempts to run on endpoints, servers, or within applications. This could include web application firewalls, endpoint protection solutions, or application whitelisting tools that can identify and block unauthorized code execution.
Evidence could include logs from security tools showing detection of unauthorized mobile code execution attempts, configuration documentation for mobile code restrictions, or reports from security monitoring systems that specifically track mobile code execution.
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- Unauthorized mobile code is detected
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?

