Navigate

CCI-001243

CCI-001243 Definition

The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Status
Type	CheckType.technical

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed configures malicious code protection mechanisms to perform block and quarantine malicious code and then send an alert to the administrator immediately in near real-time in response to malicious code detection. For information system components that have applicable STIGs or SRGs, the organization being inspected/assessed must comply with the STIG/SRG guidance that pertains to CCI 1243. DoD has defined the actions as block and quarantine malicious code and then send an alert to the administrator immediately in near real-time.

Validation Procedures

The organization conducting the inspection/assessment examines the information system to ensure the organization being inspected/assessed configures malicious code protection mechanisms to perform block and quarantine malicious code and then send an alert to the administrator immediately in near real-time in response to malicious code detection. For information system components that have applicable STIGs or SRGs, the organization conducting the inspection/assessment evaluates the components to ensure that the organization being inspected/assessed has configured the information system in compliance with the applicable STIGs and SRGs pertaining to CCI 1243. DoD has defined the actions as block and quarantine malicious code and then send an alert to the administrator immediately in near real-time.

Compelling Evidence

1.) Signed and dated system security plan. 2.) Complete protection software logs. 3.) Message logs. 4.) Applicable STIG/SRG checks pertaining to CCI 1243.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-001243.

Control	Description
SI-3	The organization: SI-3a.: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; SI-3b.: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; SI-3c.: Configures malicious code protection mechanisms to: SI-3c.1.: Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and SI-3c.2.: [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and SI-3d.: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Control

Description

SI-3

The organization:

SI-3a.: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

SI-3b.: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;

SI-3c.: Configures malicious code protection mechanisms to:
- SI-3c.1.: Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- SI-3c.2.: [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and

SI-3d.: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.