CCI-004145
CCI-004145 Definition
| Status | |
| Type | CheckType.policy |
Master Assessment Datasheet
Implementation Guidance
Determine if:
- malicious code remaining in the system is analyzed after the incident.
- other residual artifacts remaining in the system (if any) are analyzed after the incident.
Validation Procedures
Examine: [SELECT FROM: Incident response policy; procedures addressing incident handling; procedures addressing code and forensic analysis; procedures addressing incident response; incident response plan; system design documentation; malicious code protection mechanisms, tools, and techniques; results from malicious code analyses; system security plan; system audit records; other relevant documents or records].

Interview: [SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; organizational personnel with responsibility for malicious code protection; organizational personnel responsible for incident response/management].

Test: [SELECT FROM: Organizational process for incident response; organizational processes for conducting forensic analysis; tools and techniques for analysis of malicious code characteristics and behavior].