Verify that the application does not include and execute functionality from untrusted sources, such as unverified content distribution networks, JavaScript libraries, node npm libraries, or server-side DLLs.
✓
✓
829
10.3.2
[MODIFIED] Verify that the application only loads or executes code, modules, content or plugins from sources not under the application's direct control/protection if it employs integrity protections, such as code signing.
Related requirements:
Proposal: merge 12.3.6 to 10.3.2