CCI-001242

CCI-001242 Definition

The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
Status
Type CheckType.technical

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1242.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1242.

DISA Compelling Evidence

1) Provide signed and dated SSP 2) Reference section that pertains to how real-time scans for malicious are performed on files from external sources. 3) Examine complete protection software logs. Verify scans are being performed properly and in real time (logs must contain accurate date/time stamps, as well as source data to confirm it is from external sources) 4) Applicable STIGs and SRGs pertaining to CCI 1242.