Mobile Code Risk Categories: DoD

The DoD typically organizes mobile code into three distinct levels:

While the primary policy governing these categories is , the specific risk tiers are structured by the level of access the code has to system resources.

The Three Mobile Code Risk Categories

: Flaws in the containment models of Category 2 code can allow it to reach sensitive data it should not see.

: Use of this category is strictly controlled and often prohibited unless the code is signed by a trusted US certificate signing authority.

Category 2: Limited Access (Medium Risk)

: Modern systems often load code from various external sources (analytics, chat widgets) that could be compromised without the owner's knowledge.

: Generally allowed if the technology has a proven history of security and operates strictly within its intended sandbox.

Category 3: Restricted Functionality (Lowest Risk)

: These are the most commonly permitted forms of mobile code due to their minimal threat profile.

Core Security Risks

: Technologies that support limited functionality with no capability for unmediated access to system resources.