NIST 800-53 REV 5 • SYSTEM AND COMMUNICATIONS PROTECTION

SC-18(3) Prevent Downloading and Execution

Prevent the download and execution of [Assignment: organization-defined unacceptable mobile code].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

None.

Practitioner Notes

Prevent the download and execution of prohibited mobile code entirely — do not rely on users to make safe decisions.

Example 1: Configure your web proxy to block downloads of file types commonly used for mobile code attacks — .hta, .js, .vbs, .wsf, .jar. Block these at the network level so users never have the opportunity to run them.

Example 2: Use AppLocker via GPO to prevent execution of scripts and executables from user-writable locations (Downloads, Temp, AppData). Even if a user downloads a malicious script, it cannot execute because AppLocker blocks execution from that directory.
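
The following PowerShell sketch shows one way to build and dry-run the AppLocker policy described in Example 2. It is an added example, not part of the control text or of any vendor baseline; the path list, rule names, file names and the choice of AuditOnly mode are assumptions to adapt.

```powershell
# Added example (not from the source page). Paths, rule names and the output
# file name are assumptions; adjust them to your environment.
$denyPaths = @(
    '%OSDRIVE%\Users\*\Downloads\*',
    '%OSDRIVE%\Users\*\AppData\*',    # also covers AppData\Local\Temp
    '%WINDIR%\Temp\*'                 # writable, but inside the %WINDIR% allow rule
)
# Once a rule collection holds any rule, everything not explicitly allowed is
# blocked, so the policy needs allow rules as well as the deny rules.
$allowPaths = @('%WINDIR%\*', '%PROGRAMFILES%\*')

function New-PathRule([string]$Action, [string]$Path) {
    # Every rule needs a unique Id; S-1-1-0 is the Everyone SID.
    @"
  <FilePathRule Id="$([guid]::NewGuid())" Name="$Action $Path" Description="" UserOrGroupSid="S-1-1-0" Action="$Action">
    <Conditions><FilePathCondition Path="$Path" /></Conditions>
  </FilePathRule>
"@
}

# Exe covers .exe/.com; Script covers .ps1, .bat, .cmd, .vbs and .js.
$collections = foreach ($type in 'Exe', 'Script') {
    $rules  = @($allowPaths | ForEach-Object { New-PathRule 'Allow' $_ })
    $rules += @($denyPaths  | ForEach-Object { New-PathRule 'Deny'  $_ })
    # AuditOnly logs what would be blocked; switch to Enabled after review.
    "<RuleCollection Type=`"$type`" EnforcementMode=`"AuditOnly`">`n" +
        ($rules -join "`n") + "`n</RuleCollection>"
}
$xml = "<AppLockerPolicy Version=`"1`">`n" + ($collections -join "`n") +
       "`n</AppLockerPolicy>"
$policyFile = Join-Path $env:TEMP 'sc18-3-applocker.xml'
Set-Content -Path $policyFile -Value $xml -Encoding UTF8

# Constructed test file: a harmless script placed in a blocked location.
$sample = Join-Path $env:USERPROFILE 'Downloads\sc18-3-test.ps1'
Set-Content -Path $sample -Value 'Write-Output "test"'

# Evaluate files against the policy file without applying it to the machine.
Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone -Path @(
    $sample, "$env:WINDIR\System32\cmd.exe"
) | Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
```

Enforcement depends on the Application Identity service (AppIDSvc) running on each endpoint. To deploy through Group Policy, import the generated file into the GPO with Set-AppLockerPolicy using its -XmlPolicy and -Ldap parameters.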