Allow execution of binary or machine-executable code only in confined physical or virtual machine environments and with the explicit approval of [Assignment: organization-defined personnel or roles] when such code is: (a) Obtained from sources with limited or no warranty; and/or (b) Without the provision of source code.
Implementation
Description
Code execution in protected environments applies to all sources of binary or machine-executable code, including commercial software and firmware and open-source software.