| ๐ผ 5.1 Deploy anti-virus software on all systems commonly affected by malicious software. | 2 | 4 | 4 | |
| ย ย ย ย ๐ผ 5.1.1 Ensure that anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software. | | | | |
| ย ย ย ย ๐ผ 5.1.2 For systems considered to be not commonly affected by malicious software, perform periodic evaluations to identify and evaluate evolving malware threats in order to confirm whether such systems continue to not require anti-virus software. | | | | |
| ๐ผ 5.2 Ensure that all anti-virus mechanisms are maintained. | | | | |
| ๐ผ 5.3 Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period. | | | | |
| ๐ผ 5.4 Ensure that security policies and operational procedures for protecting systems against malware are documented, in use, and known to all affected parties. | | | | |