The Mainframe Product must prevent the automatic execution of mobile code in, at a minimum, office applications, browsers, email clients, mobile code run-time environments, and mobile agent systems.

Mobile code can cause damage to the system. It can execute without explicit action from, or notification to, a user. Preventing automatic execution of mobile code includes, for example, disabling auto execute features on information system components. This requirement applies to mobile code-enabled software, which is capable of executing one or more types of mobile code.