Code Risk Categories — Dod Mobile

The DoD identifies several repeating patterns of risk that necessitate these categories:

The Department of Defense (DoD) categorizes —software like JavaScript or ActiveX that downloads and executes automatically—based on its functionality and the potential threat it poses to information systems. These risk categories help determine which technologies are safe for use on government workstations and remote servers. Dod Mobile Code Risk Categories

: Code that has broad, unmediated access to workstation, server, and remote system services and resources. The DoD identifies several repeating patterns of risk

: Mobile applications can use sensors like GPS, microphones, and cameras to disclose non-public information or Personally Identifiable Information (PII) without user consent. Use of Unclassified Mobile Applications in ... - DoD CIO : Mobile applications can use sensors like GPS,

: Most Java applets fall into this category. They are designed to be restricted from reaching the underlying system unless specific vulnerabilities (sandbox escapes) are exploited.

: Technologies that support limited functionality with no capability for unmediated access to system resources.

: Modern systems often load code from various external sources (analytics, chat widgets) that could be compromised without the owner's knowledge.