CMMC Practice SC.L2-3.13.13 – Mobile Code: Control and monitor the use of mobile code

A.Elrayes 186 Reputation points
2023-11-26T10:56:29.5433333+00:00

Hi Team,

I'm asking about "CMMC Practice SC.L2-3.13.13 – Mobile Code: Control and monitor the use of mobile code"

1- What is the simple definition of the term with examples?

2- How to achieve this practice to control and monitor mobile code.

Note that we have a hybrid environment.

Thanks,

Alaa Elrayes

Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.

1 answer

  1. Luca Perrone 0 Reputation points
    2023-11-26T11:03:28.1+00:00

    CMMC practice SC.L2-3.13.13 focuses on controlling and monitoring the use of mobile code. "Mobile code" refers to executable software transportable across systems, including mobile applications, scripts, and downloadable executable files.

    • Mobile applications for smartphones or tablets.
    • Executable scripts that can run on various devices.
    • Downloadable executable content that can be transferred and executed.

    How to do it:

    • Implement security controls to restrict unauthorized or unsafe mobile code usage.
    • Use monitoring and code analysis tools to identify suspicious or potentially harmful behaviors of mobile apps or scripts.
    • Define and enforce policies regarding mobile code usage, covering aspects such as app installation, script downloads, and access to sensitive resources.
    • Provide regular training to users on the secure use of mobile code, including instructions on recognizing and safely managing mobile apps or scripts.
    • Limit permissions granted to mobile apps only to those necessary for their intended functions, minimizing privileges and system resource access.
    • Ensure that mobile apps and scripts are regularly updated with the latest security patches. Monitor and apply security updates provided by developers.
    • Conduct periodic security assessments of mobile code used in the hybrid environment to identify potential vulnerabilities and ensure compliance with security policies.

    Security of mobile code is an ongoing process requiring a combination of technological controls, policies, training, and regular assessments to maintain a secure environment.

    I hope it is clear.
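
The following is an added example, not part of the answer above: one way to make the "restrict" and "monitor" points concrete on a Windows endpoint or server is to check the script execution policy and inventory script files by Authenticode signature status. The function name `Get-MobileCodeInventory`, the scan folder, the extension list and the signer subject are assumptions chosen for illustration.

```powershell
# Added example: inventory script-type mobile code and report signature status.
# Default values below are assumptions for illustration; adjust to your policy.
function Get-MobileCodeInventory {
    param(
        [string]$Root = "$env:USERPROFILE\Downloads",
        # Script file types that Windows can Authenticode-sign
        [string[]]$Extensions = @('.ps1', '.psm1', '.vbs', '.js', '.wsf'),
        # Placeholder signer subject; replace with your approved publishers
        [string[]]$ApprovedSigners = @('CN=Example Corp Code Signing')
    )

    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_
            $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            # Approved only if the signature validates AND the signer is allow-listed
            $approved = ($sig.Status -eq 'Valid') -and
                [bool]($ApprovedSigners | Where-Object { $subject.Contains($_) })

            # A Zone.Identifier stream marks a file as downloaded (mark of the web)
            $motw = [bool](Get-Item -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                -ErrorAction SilentlyContinue)

            [pscustomobject]@{
                Path            = $file.FullName
                SignatureStatus = $sig.Status
                Signer          = $subject
                Downloaded      = $motw
                Approved        = $approved
                Sha256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
}

# Control side: show the effective script execution policy at every scope
Get-ExecutionPolicy -List

# Monitor side: list every script that is not approved, downloaded files first
Get-MobileCodeInventory | Where-Object { -not $_.Approved } |
    Sort-Object Downloaded -Descending |
    Format-Table Path, SignatureStatus, Downloaded, Signer -AutoSize
```

Matching on the signing certificate's thumbprint instead of its subject is stricter, and the object output can be piped to `Export-Csv` to keep evidence for an assessment.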