: Generally allowed if the technology has a proven history of security and operates strictly within its intended sandbox. Category 3: Restricted Functionality (Lowest Risk)
The DoD identifies several repeating patterns of risk that necessitate these categories: Dod Mobile Code Risk Categories
: Technologies that support limited functionality with no capability for unmediated access to system resources. : Generally allowed if the technology has a
The Department of Defense (DoD) categorizes —software like JavaScript or ActiveX that downloads and executes automatically—based on its functionality and the potential threat it poses to information systems. These risk categories help determine which technologies are safe for use on government workstations and remote servers. These risk categories help determine which technologies are
: Most Java applets fall into this category. They are designed to be restricted from reaching the underlying system unless specific vulnerabilities (sandbox escapes) are exploited.
: Use of this category is strictly controlled and often prohibited unless the code is signed by a trusted US certificate signing authority. Category 2: Limited Access (Medium Risk)