💼 SI-3 MALICIOUS CODE PROTECTION

Description

The organization:

  • SI-3a. Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;
  • SI-3b. Updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures;
  • SI-3c. Configures malicious code protection mechanisms to:
    • SI-3c.1. Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and
    • SI-3c.2. [Selection (one or more): block malicious code; quarantine malicious code; send alert to administrator; [Assignment: organization-defined action]] in response to malicious code detection; and
  • SI-3d. Addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

Similar

  • Internal
    • ID: dec-c-2d7df392

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.CM-4: Malicious code is detected 77
💼 NIST CSF v1.1 → 💼 DE.DP-3: Detection processes are tested 1414

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags
💼 SI-3 (1) CENTRAL MANAGEMENT
💼 SI-3 (2) AUTOMATIC UPDATES
💼 SI-3 (3) NON-PRIVILEGED USERS
💼 SI-3 (4) UPDATES ONLY BY PRIVILEGED USERS
💼 SI-3 (5) PORTABLE STORAGE DEVICES
💼 SI-3 (6) TESTING / VERIFICATION
💼 SI-3 (7) NONSIGNATURE-BASED DETECTION
💼 SI-3 (8) DETECT UNAUTHORIZED COMMANDS
💼 SI-3 (9) AUTHENTICATE REMOTE COMMANDS
💼 SI-3 (10) MALICIOUS CODE ANALYSIS