NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION
SC-18(4) — Prevent Automatic Execution
Prevent the automatic execution of mobile code in {{ insert: param, sc-18.04_odp.01 }} and enforce {{ insert: param, sc-18.04_odp.02 }} prior to executing the code.
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Supplemental Guidance
Actions enforced before executing mobile code include prompting users prior to opening email attachments or clicking on web links. Preventing the automatic execution of mobile code includes disabling auto-execute features on system components that employ portable storage devices, such as compact discs, digital versatile discs, and universal serial bus devices.
Practitioner Notes
Prevent mobile code from executing automatically — users should have to deliberately choose to run it.
Example 1: Configure Office via GPO to "Disable all macros with notification." Users see a warning bar and must actively click "Enable Content" to run macros. Macros never execute automatically when a document is opened.
Example 2: In your browser policy, set JavaScript to prompt or block for downloaded HTML files opened locally. Configure file associations so that .js, .vbs, and .wsf files open in Notepad rather than executing in the Windows Script Host.
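The settings named in the two examples and in the supplemental guidance can be audited on a Windows endpoint. The script below is an added example, not part of the control text or of any NIST tooling; the Office version key (`16.0`), the list of Office applications, the helper name `Get-DefaultValue`, and the choice to read the per-user policy hive are assumptions to adjust for your environment.

```powershell
# Added example: audit auto-execution settings for SC-18(4) evidence.
# Assumptions: Office 16.0 policy keys, macro policy delivered per-user (HKCU).
$findings = @()

# 1. Office macro policy. VBAWarnings: 1 = enable all, 2 = disable with
#    notification, 3 = disable except signed, 4 = disable without notification.
$officeVersion = '16.0'
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\$app\Security"
    $val = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    # Compliant when macros need a deliberate click (2) or are fully blocked (4).
    $findings += [pscustomobject]@{
        Check = "$app macro policy"; Value = $val; Compliant = ($val -in 2, 4)
    }
}

# Hypothetical helper: read a registry key's default value, or $null if absent.
function Get-DefaultValue([string]$Path) {
    $k = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($k) { $k.GetValue('') }
}

# 2. Script file associations. Double-clicking must not hand the file to
#    Windows Script Host (wscript.exe / cscript.exe).
#    Per-user "UserChoice" overrides are not inspected here.
foreach ($ext in '.js', '.vbs', '.wsf') {
    $progId = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$ext"
    $cmd = if ($progId) {
        Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    }
    $findings += [pscustomobject]@{
        Check = "$ext open handler"; Value = $cmd
        Compliant = ($cmd -notmatch '[wc]script\.exe')
    }
}

# 3. AutoRun for removable media. 0xFF disables AutoRun on all drive types.
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$auto = (Get-ItemProperty -Path $explorer -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$findings += [pscustomobject]@{
    Check = 'AutoRun disabled (all drives)'; Value = $auto
    Compliant = (($auto -band 0xFF) -eq 0xFF)
}

$findings | Format-Table -AutoSize
```

A missing `VBAWarnings` or `NoDriveTypeAutoRun` value is reported as non-compliant because no policy is being enforced, even if the application default happens to be safe.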