CCI-001241
CCI-001241 Definition
Status | |
Type | CheckType.technical |
Master Assessment Datasheet
Implementation Guidance
The organization being inspected/assessed configures malicious code protection mechanisms to perform periodic scans of the information system on every 7 days. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1241. DoD has defined the frequency as every 7 days.
Validation Procedures
The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures malicious code protection mechanisms to perform periodic scans of the information system on every 7 days. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1241. DoD has defined the frequency as every 7 days.
DISA Compelling Evidence
1) Provide signed and dated SSP 2) Reference section that pertains to frequency with which scans for malicious code are performed (7 days is DoD recommendation) 3) Examine complete protection software logs. Verify scans are being performed properly at recommended frequency (logs must contain accurate date/time stamps) 4) Applicable STIGs and SRGs pertaining to CCI 1241