Navigate

CCI-002619

CCI-002619 Definition

The organization employs malicious code protection mechanisms at information system entry points to detect malicious code.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

The organization being inspected/assessed identifies and documents the information system entry points and implements malicious code protection mechanisms at those entry points to detect malicious code. Information system entry and exit points include, for example, firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, notebook computers, and mobile devices. Malicious code protection mechanisms include, for example, anti-virus signature definitions and reputation-based technologies.

Validation Procedures

The organization conducting the inspection/assessment examines the information system architecture as well as the organization's documentation of information system entry points and verifies that malicious code protection mechanisms are implemented.

Compelling Evidence

1.) Signed and dated system security plan that documents all entry points for information system (Reviewer [Scan/Network] will confirm actual entry points match documentation) and malicious code protections being used, as well as frequency by which protection signatures are updated (Reviewer [Network/HBSS] will validate that protections are being used and signatures are current).

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002619.

Control	Description
SI-3	The organization: a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; c: Configures malicious code protection mechanisms to: 1: Perform periodic scans of the information system [one of ] and real-time scans of files from external sources at [one or more of "endpoint"/"network entry/exit points"] as the files are downloaded, opened, or executed in accordance with organizational security policy; and 2: [one or more of "block malicious code"/"quarantine malicious code"/"send alert to administrator"/" {{ insert: param, si-3_prm_4 }} "] in response to malicious code detection; and d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Control

Description

SI-3

The organization:

a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;

c: Configures malicious code protection mechanisms to:
- 1: Perform periodic scans of the information system [one of ] and real-time scans of files from external sources at [one or more of "endpoint"/"network entry/exit points"] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- 2: [one or more of "block malicious code"/"quarantine malicious code"/"send alert to administrator"/" {{ insert: param, si-3_prm_4 }} "] in response to malicious code detection; and

d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.