Navigate

SI-3(1)

SI-3(1): Central Management

The organization centrally manages malicious code protection mechanisms.

Supplemental

Central management is the organization-wide management and implementation of malicious code protection mechanisms. Central management includes planning, implementing, assessing, authorizing, and monitoring the organization-defined, centrally managed flaw malicious code protection security controls.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-3(1).

Control	Description
AU-2	The organization: a: Determines that the information system is capable of auditing the following events: [organization-defined auditable events]; b: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; c: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and d: Determines that the following events are to be audited within the information system: [organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].
SI-8	The organization: a: Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and b: Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Control

Description

AU-2

The organization:

a: Determines that the information system is capable of auditing the following events: [organization-defined auditable events];

b: Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events;

c: Provides a rationale for why the auditable events are deemed to be adequate to support after-the-fact investigations of security incidents; and

d: Determines that the following events are to be audited within the information system: [organization-defined audited events (the subset of the auditable events defined in AU-2 a.) along with the frequency of (or situation requiring) auditing for each identified event].

SI-8

The organization:

a: Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and

b: Updates spam protection mechanisms when new releases are available in accordance with organizational configuration management policy and procedures.

Enhancements

The controls below (if any) add on to the requirements of SI-3(1).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-3(1).

CCI	Definition
CCI-001246	The organization centrally manages malicious code protection mechanisms.