💼 SI-3 Malicious Code Protection
- Contextual name: 💼 SI-3 Malicious Code Protection
- ID:
/frameworks/nist-sp-800-53-r5/si/03 - Located in: 💼 SI System And Information Integrity
Description​
a. Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; b. Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures; c. Configure malicious code protection mechanisms to:
- Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more): endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and
- [Selection (one or more): block malicious code; quarantine malicious code; take [Assignment: organization-defined action]]; and send alert to [Assignment: organization-defined personnel or roles] in response to malicious code detection; and d. Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.
Similar​
- Internal
- ID:
dec-c-59106f9e
- ID:
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 FedRAMP High Security Controls → 💼 SI-3 Malicious Code Protection (L)(M)(H) | 7 | 7 | ||
| 💼 FedRAMP Low Security Controls → 💼 SI-3 Malicious Code Protection (L)(M)(H) | 7 | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-01: The confidentiality, integrity, and availability of data-at-rest are protected | 117 | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-02: The confidentiality, integrity, and availability of data-in-transit are protected | 97 | |||
| 💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected | 111 |