πΌ SI-3 Malicious Code Protection
- Contextual name: πΌ SI-3 Malicious Code Protection
- ID:
/frameworks/nist-sp-800-53-r5/si/03 - Located in: πΌ SI System And Information Integrity
Descriptionβ
a. Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; b. Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures; c. Configure malicious code protection mechanisms to:
- Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more): endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and
- [Selection (one or more): block malicious code; quarantine malicious code; take [Assignment: organization-defined action]]; and send alert to [Assignment: organization-defined personnel or roles] in response to malicious code detection; and d. Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.
Similarβ
- Internal
- ID:
dec-c-59106f9e
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ FedRAMP High Security Controls β πΌ SI-3 Malicious Code Protection (L)(M)(H) | 7 | 7 | ||
| πΌ FedRAMP Low Security Controls β πΌ SI-3 Malicious Code Protection (L)(M)(H) | 7 | |||
| πΌ NIST CSF v2.0 β πΌ PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected | 81 | |||
| πΌ NIST CSF v2.0 β πΌ PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected | 68 | |||
| πΌ NIST CSF v2.0 β πΌ PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected | 66 |