DoD Mobile Code Risk Categories Apr 2026

: Use of this category is strictly controlled and often prohibited unless the code is signed by a trusted US certificate signing authority.

Category 2: Limited Access (Medium Risk)

: Code that has broad, unmediated access to workstation, server, and remote system services and resources.

: Most Java applets fall into this category. They are designed to be restricted from reaching the underlying system unless specific vulnerabilities (sandbox escapes) are exploited.

: Modern systems often load code from various external sources (analytics, chat widgets) that could be compromised without the owner's knowledge.

: Technologies that support limited functionality with no capability for unmediated access to system resources.

: Historically, this included ActiveX and Shockwave Flash, which could operate outside a restricted "sandbox" environment to interact directly with the operating system.

The DoD identifies several repeating patterns of risk that necessitate these categories: