Malicious Code Protection

class: Operational
family: System and Information Integrity
number: SI-3
priority: P1
impact: LOW_MODERATE_HIGH

The organization:

Employs malicious code protection mechanisms at information system entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code:
- Transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means; or
- Inserted through the exploitation of information system vulnerabilities;

Updates malicious code protection mechanisms (including signature definitions) whenever new releases are available in accordance with organizational configuration management policy and procedures;

Configures malicious code protection mechanisms to:
- Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and

Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.
