Unsigned Category 1A mobile code must not be used in the application in accordance with DoD policy.

Use of un-trusted Level 1A mobile code technologies can introduce security vulnerabilities and malicious code into the client system. 1A code is defined as: - ActiveX controls - Mobile code script (JavaScript, VBScript) - Windows Scripting Host (WSH) (downloaded via URL or email) When JavaScript and VBScript execute within the browser they are Category 3, however, when they execute in WSH, they are 1A.