Navigate

CCI-002623

CCI-002623 Definition

Defines the frequency for performing periodic scans of the system for malicious code.

Status
Type	CheckType.policy

Master Assessment Datasheet

Implementation Guidance

DoD has defined the frequency as every 7 days.

Validation Procedures

The organization being inspected/assessed is automatically compliant with this CCI because they are covered at the DoD level. DoD has defined the frequency as every 7 days.

Compelling Evidence

Automatically compliant.

Related Controls

The controls below (if any) were marked by NIST as being related to CCI-002623.

Control	Description
SI-3	The organization: a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures; c: Configures malicious code protection mechanisms to: 1: Perform periodic scans of the information system [organization-defined frequency] and real-time scans of files from external sources at [one or more of endpoint/network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and 2: [one or more of block malicious code/quarantine malicious code/send alert to administrator/ {{ insert: param, si-3_prm_4 }} ] in response to malicious code detection; and d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Control

Description

SI-3

The organization:

a: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

b: Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;

c: Configures malicious code protection mechanisms to:
- 1: Perform periodic scans of the information system [organization-defined frequency] and real-time scans of files from external sources at [one or more of endpoint/network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
- 2: [one or more of block malicious code/quarantine malicious code/send alert to administrator/ {{ insert: param, si-3_prm_4 }} ] in response to malicious code detection; and

d: Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.