Install security and protection software, as necessary.


CONTROL ID: 00575
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a malicious code protection program., CC ID: 00574

This Control has the following implementation support Control(s):
  • Install and maintain container security solutions., CC ID: 16178


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • implementing system controls to detect and guard against malware attacks through any documents submitted; (§ 6.2.1(ii), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • implementing system controls to detect and guard against malware attacks through any documents submitted; (§ 6.2.1(ii), Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • Software and information processing facilities are vulnerable to attacks by computer viruses and other malicious software. Procedures and responsibilities should be established to detect and prevent attacks. AIs should put in place adequate controls such as: - prohibiting the download and use of un… (3.5.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • App 2-1 Item Number IV.4(9): The organization must take measures to eliminate computer viruses to protect the data. This is a control item that constitutes a relatively small risk to financial information. This is an IT application control. App 2-1 Item Number IV.6(7): The organization must take mea… (App 2-1 Item Number IV.4(9), App 2-1 Item Number IV.6(7), Appendix 1 Correspondence of the System Management Standards - Supplementary Edition to other standards)
  • O105-1.2(8): To protect customers against unauthorized use of their accounts, the organization should notify customers that they should use anti-virus software. T10.2: The organization shall ensure anti-virus software is installed on all systems used to develop software. T49.3(1).1: The organization… (O105-1.2(8), T10.2, T49.3(1).1, T50, T50.2(1), FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition)
  • To protect the computer systems against malicious programs, proper precautions should be taken against intrusion of computer viruses and tampering with programs due to unauthorized access. (P20.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • As an integral part of the two factor authentication architecture, banks should also implement appropriate measures to minimise exposure to a middleman attack which is more commonly known as a man-in-the-middle attack (MITM), man-in-the browser (MITB) attack or man-in-the application attack. The bank… (Critical components of information security g) ¶ 2 15., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Banks should employ anti-malware software and signature auto update features to automatically update signature files and scan engines whenever the vendor publishes updates. After applying an update, automated systems should verify that each system has received its signature update. The bank should m… (Critical components of information security 18) iv., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Measures for preventing intrusion of computer viruses, including installation and operation of vaccine software; (Article 28(1)(5), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • A relevant entity must ensure that one or more malware protection measures are implemented on every system, to mitigate the risk of malware infection, where such malware protection measures are available and can be implemented. (IV. 4.5 ¶ 1, MAS-201908-Notice 655 Cyber Hygiene)
  • The FI should also take appropriate measures to minimise exposure to other forms of cyber attacks such as middleman attack which is more commonly known as a man-in-the-middle attack (MITMA), man-in-the browser attack or man-in-the application attack (Refer to Appendix E for details). (§ 12.1.9, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • The FI should deploy anti-virus software to servers, if applicable, and workstations. The FI should regularly update anti-virus definition files and schedule automatic anti-virus scanning on servers and workstations on a regular basis. (§ 9.3.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Install anti-malware software such as anti-virus, anti-spyware, and software-based firewall on computers. Keep them updated and perform scans regularly. (Annex A1: Security of Personal Computers & Other Computing Devices 37, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • Install anti-malware software to the email server and clients. Keep the software updated and perform scans regularly. (Annex A1: Email Security 53, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • Antivirus software is implemented on workstations and servers and configured with: (Security Control: 1417; Revision: 2, Australian Government Information Security Manual, March 2021)
  • heuristic-based detection enabled and set to a high level (Security Control: 1417; Revision: 2; Bullet 2, Australian Government Information Security Manual, March 2021)
  • Antivirus software is implemented on workstations and servers with: (Control: ISM-1417; Revision: 4, Australian Government Information Security Manual, June 2023)
  • Antivirus software is implemented on workstations and servers with: (Control: ISM-1417; Revision: 4, Australian Government Information Security Manual, September 2023)
  • The organization should use antivirus software or Internet security software to remove the infection, whenever malicious code is detected. (Control: 0917 Bullet 7, Australian Government Information Security Manual: Controls)
  • The organization must develop a hardened Standard Operating Environment for servers and workstations that includes installing antivirus software or other Internet security software. (Control: 0380 Bullet 5, Australian Government Information Security Manual: Controls)
  • The organization should conduct Antivirus scans on all content using up-to-date signatures and engines and using multiple scanning engines. (Control: 1288, Australian Government Information Security Manual: Controls)
  • Antivirus scanners should be installed on all servers and workstations. (§ 3.5.72, § 3.9.32, Australian Government ICT Security Manual (ACSI 33))
  • The organization should install anti-virus software with the latest signatures and uses reputation ratings and other heuristic detection capabilities. (Mitigation Strategy Effectiveness Ranking 21, Strategies to Mitigate Targeted Cyber Intrusions)
  • The organization should verify that the desktop antivirus software and the gateway antivirus software are from different vendors. (Mitigation Strategy Effectiveness Ranking 21, Strategies to Mitigate Targeted Cyber Intrusions)
  • having anti-malware software installed and/or: (A8.1. (A), Cyber Essentials Scheme (CES) Questionnaire, Version 13)
  • Anti-virus or Malware protection (continue to Q 37-40) (Malware protection Question 36(a), Cyber Essentials Scheme (CES) Questionnaire, Versions 3.3)
  • Has anti-virus or malware protection software been installed on all computers that are connected to or capable of connecting to the Internet? (Malware protection Question 37, Cyber Essentials Scheme (CES) Questionnaire, Versions 3.3)
  • The logical and physical IT systems which the cloud provider uses for the development and rendering of the cloud service as well as the network perimeters which are subject to the cloud provider's area of responsibility are equipped with anti-virus protection and repair programs which allow for a si… (Section 5.6 RB-05 Basic requirement ¶ 1, Cloud Computing Compliance Controls Catalogue (C5))
  • Malware protection software is installed and updated automatically at regular intervals (e.g. virus scanner). (5.2.3 Requirements (should) Bullet 3, Information Security Assessment, Version 5.1)
  • App 2 ¶ 14.g(4): For IT systems that process and access restricted information, the system shall have acceptable industry standard anti-virus software implemented, along with updates. This is applicable to UK contractors. App 6 ¶ 15.g(4): For IT systems that process and access UK restricted inform… (App 2 ¶ 14.g(4), App 6 ¶ 15.g(4), The Contractual process, Version 5.0 October 2010)
  • (§ 4.2.4, OGC ITIL: Security Management)
  • The entity uses antivirus and anti-malware software and requires that it be implemented and maintained on all end-point devices connected to the internal and external networks to provide for the interception, detection and remediation of malware. The entity also requires third-party service organiza… (S7.1 Uses antivirus and anti-malware software, Privacy Management Framework, Updated March 1, 2020)
  • Signatures are required to be updated on a daily basis, actions to be taken to discover viruses, and the procedures used to discover viruses to be documented. (§ VIII, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Has the organization installed enterprise-wide antivirus software on all wireless clients? (Table Row XIII.10, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Do personal digital assistants have anti-virus and virtual private network software installed? (Table Row XIII.25, OECD / World Bank Technology Risk Checklist, Version 7.3)
  • Antivirus software should be installed and running on all computers. This will prevent infection from known viruses. (Pg 135, Mac OS X Security Configuration for version 10.4 or later, second edition, Second Edition)
  • There are no known NetWare viruses. However, if Windows computers will be connecting to the server, viruses can be stored on the NetWare server and transferred to other Windows computers. Antivirus software should be installed to prevent this from occurring. If the NetWare server is being used as an… (§ 1.9, The Center for Internet Security Open Enterprise Server: NetWare (v1) Consensus Baseline Security Settings Benchmark, 1)
  • Wireless devices should have antivirus software installed and configured on them. Before purchasing, verify antivirus software can be installed on WLAN client devices, such as PDAs and other PEDs. (§ 2.3.2 (2.3.2.020), The Center for Internet Security Wireless Networking Benchmark, 1)
  • The control system shall provide the capability to employ malicious code protection mechanisms at all entry and exit points. (7.4.3.1 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • There shall be mechanisms on host devices that are qualified by the IACS product supplier to provide protection from malicious code. The IACS product supplier shall document any special configuration requirements related to protection from malicious code. (14.4.1 ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • The network device shall provide for protection from malicious code. (15.6.1 ¶ 1, IEC 62443-4-2: Security for industrial automation and control systems – Part 4-2: Technical security requirements for IACS components, Edition 1.0)
  • For a sample of system components including all Operating System types commonly affected by malicious code, verify that anti-virus software is deployed if applicable anti-virus technology exists. (§ 5.1, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • For a sample of system components, verify that all anti-virus programs detect, remove, and protect against all known types of malicious code (for example, viruses, trojan horses, worms, spyware, adware, and rootkits). (§ 5.1.1, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Examine a sample of system components to verify anti-virus software has been deployed if the anti-virus technology exists. (Testing Procedures § 5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Examine the anti-virus configurations, including the master installation and sample system components, to verify the anti-virus software is running. (Testing Procedures § 5.3.a, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists. (§ 5.1 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). (§ 5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • For a sample of system components, verify that all anti-virus programs detect, remove, and protect against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits). (§ 5.1.1 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Ensure that all anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software. (§ 5.1.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Anti-virus software must be deployed on all systems. (PCI DSS Requirements § 5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Anti-virus mechanisms must be actively running and must not be disabled or altered by users, unless specifically authorized by management for a limited time period. (PCI DSS Requirements § 5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0)
  • Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). (5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). (5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). (5.1, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Are all anti-virus mechanisms: - Actively running? - Unable to be disabled or altered by users? (5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.2)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Are all anti-virus mechanisms: - Actively running? - Unable to be disabled or altered by users? (5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (5.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • For a sample of system components including all operating system types commonly affected by malicious software, verify that anti-virus software is deployed if applicable anti-virus technology exists. (5.1, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware. (5.2.1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (PCI DSS Question 5.1, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (PCI DSS Question 5.1, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (PCI DSS Question 5.1, PCI DSS Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.0)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (PCI DSS Question 5.1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0)
  • Is anti-virus software deployed on all systems commonly affected by malicious software? (PCI DSS Question 5.1, PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0)
  • Deploy security software products on all mobile devices including antivirus, antispyware, and software authentication products to protect systems from current and evolving malicious software threats. All software should be installed from a trusted source. If anti-malware software is not available, e… (¶ 5.3.2, PCI Mobile Payment Acceptance Security Guidelines for Merchants as End-Users, Version 1.1)
  • An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware. (5.2.1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware. (5.2.1, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware. (5.2.1, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware. (5.2.1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware. (5.2.1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • When Web services are being used, the following security requirements should be considered: preventing unauthorized Internet e-mail addresses or software downloads by using anti-spam software and installing virus protection software. Installing antivirus software also should be included in the data … (§ 5.2 (Logical Access), § 5.2 (Network Security), IIA Global Technology Audit Guide (GTAG) 7: Information Technology Outsourcing)
  • Antivirus software should be installed on all computers. The antivirus program should prevent, detect, and recover from incidents and should provide instructions of how users should report a virus infection. (Pg 12-II-32, Protection of Assets Manual, ASIS International)
  • The security of instant messaging applications should be improved by enabling malware checking at the desktop (e.g., to compensate for port agile instant messaging software that might bypass malware checking at gateways). (CF.15.02.03c, The Standard of Good Practice for Information Security)
  • There should be documented standards / procedures related to malware protection software, which specify methods for installing and configuring malware protection software (e.g., anti-virus protection software, anti-spyware software). (CF.10.03.01a, The Standard of Good Practice for Information Security)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including relevant servers (e.g., servers that are at risk from malware, such as file and print servers… (CF.10.03.02a, The Standard of Good Practice for Information Security)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including messaging gateways (e.g., those that scan network traffic and electronic messages in real tim… (CF.10.03.02b, The Standard of Good Practice for Information Security)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including computing devices (e.g., desktop computers, laptops, and netbooks). (CF.10.03.02c, The Standard of Good Practice for Information Security)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including consumer devices (e.g., tablets and smartphones). (CF.10.03.02d, The Standard of Good Practice for Information Security)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including office equipment (e.g., network printers, photocopiers, facsimile machines, scanners, and mul… (CF.10.03.02e, The Standard of Good Practice for Information Security)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including Information Systems that support or enable the organization's critical infrastructure (e.g., … (CF.10.03.02f, The Standard of Good Practice for Information Security)
  • Information Systems should be designed to include the installation of malware protection software on key servers. (CF.07.01.05a, The Standard of Good Practice for Information Security)
  • Servers should be subject to standard security management practices, which includes deploying malware protection software to prevent infection by malicious software (e.g., computer viruses, worms, trojan horses, spyware, rootkits, keystroke loggers, and botnet software). (CF.07.02.06c, The Standard of Good Practice for Information Security)
  • Access to the network should be restricted to devices that meet minimum security configuration requirements, which includes verifying that devices are running up-to-date malware protection. (CF.09.03.04b, The Standard of Good Practice for Information Security)
  • Computing devices used by staff working in remote environments should be supplied with up-to-date malware protection software, to protect against computer viruses, worms, trojan horses, spyware, rootkits, botnet software, keystroke loggers and adware. (CF.14.01.04d, The Standard of Good Practice for Information Security)
  • Mobile devices should be protected by the use of up-to-date malware protection software (including program code and signature files). (CF.14.02.05c, The Standard of Good Practice for Information Security)
  • The security of instant messaging applications should be improved by enabling malware checking at the desktop (e.g., to compensate for port agile instant messaging software that might bypass malware checking at gateways). (CF.15.02.03c, The Standard of Good Practice for Information Security, 2013)
  • There should be documented standards / procedures related to malware protection software, which specify methods for installing and configuring malware protection software (e.g., anti-virus protection software, anti-spyware software). (CF.10.03.01a, The Standard of Good Practice for Information Security, 2013)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including relevant servers (e.g., servers that are at risk from malware, such as file and print servers… (CF.10.03.02a, The Standard of Good Practice for Information Security, 2013)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including messaging gateways (e.g., those that scan network traffic and electronic messages in real tim… (CF.10.03.02b, The Standard of Good Practice for Information Security, 2013)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including computing devices (e.g., desktop computers, laptops, and netbooks). (CF.10.03.02c, The Standard of Good Practice for Information Security, 2013)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including consumer devices (e.g., tablets and smartphones). (CF.10.03.02d, The Standard of Good Practice for Information Security, 2013)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including office equipment (e.g., network printers, photocopiers, facsimile machines, scanners, and mul… (CF.10.03.02e, The Standard of Good Practice for Information Security, 2013)
  • Malware protection software should be installed on systems that are exposed to malware (e.g., those that are connected to networks or the Internet, or are accessed by multiple external suppliers), including Information Systems that support or enable the organization's critical infrastructure (e.g., … (CF.10.03.02f, The Standard of Good Practice for Information Security, 2013)
  • Information Systems should be designed to include the installation of malware protection software on key servers. (CF.07.01.05a, The Standard of Good Practice for Information Security, 2013)
  • Access to the network should be restricted to devices that meet minimum security configuration requirements, which includes verifying that devices are running up-to-date malware protection. (CF.09.03.04b, The Standard of Good Practice for Information Security, 2013)
  • Servers should be subject to standard security management practices, which includes deploying malware protection software to prevent infection by malicious software (e.g., computer viruses, worms, trojan horses, spyware, rootkits, keystroke loggers, and botnet software). (CF.07.02.09c, The Standard of Good Practice for Information Security, 2013)
  • Mobile devices should be protected by the use of up-to-date malware protection software (including program code and signature files). (CF.14.02.05b, The Standard of Good Practice for Information Security, 2013)
  • Antivirus software should be installed on all computing resources, including servers, desktops, laptops, and email gateways. The email gateway should possibly have more than one brand of antivirus software running. (Action 1.8.6, Special Action 1.1, SANS Computer Security Incident Handling, Version 2.3.1)
  • Employ automated tools to continuously monitor workstations, servers, and mobile devices with anti-virus, anti-spyware, personal firewalls, and host-based IPS functionality. All malware detection events should be sent to enterprise anti-malware administration tools and event log servers. (Control 8.1, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Employ anti-malware software that offers a centralized infrastructure that compiles information on file reputations or have administrators manually push updates to all machines. After applying an update, automated systems should verify that each system has received its signature update. (Control 8.2, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Enable anti-exploitation features such as Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), virtualization/containerization, etc. For increased protection, deploy capabilities such as Enhanced Mitigation Experience Toolkit (EMET) that can be configured to apply these protec… (Control 8.4, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • The organization should scan for viruses at the web proxy gateway. (Critical Control 5.6, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization should use network-based anti-malware tools for analyzing inbound traffic and filtering malicious content. (Critical Control 5.11, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The organization should deploy reputation-based technologies on all endpoint devices. (Critical Control 5.15, Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0)
  • The mobile device policy shall require the BYOD user to perform backups of data, prohibit the usage of unapproved application stores, and require the use of anti-malware software (where supported). (MOS-17, Cloud Controls Matrix, v3.0)
  • Policies and procedures shall be established, and supporting business processes and technical measures implemented, to prevent the execution of malware on organizationally-owned or managed user end-point devices (i.e., issued workstations, laptops, and mobile devices) and IT infrastructure network a… (TVM-01, Cloud Controls Matrix, v3.0)
  • Configure managed endpoints with anti-malware detection and prevention technology and services. (UEM-09, Cloud Controls Matrix, v4.0)
  • Ensure that local SWIFT infrastructure is protected against malware. (6.1 Control Objective, Swift Customer Security Controls Framework (CSCF), v2019)
  • Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers. (CIS Control 8: Sub-Control 8.1 Utilize Centrally Managed Anti-Malware Software, CIS Controls, 7.1)
  • Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis. (CIS Control 8: Sub-Control 8.2 Ensure Anti-Malware Software and Signatures are Updated, CIS Controls, 7.1)
  • Enable anti-exploitation features such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables. (CIS Control 8: Sub-Control 8.3 Enable Operating System Anti-Exploitation Features/ Deploy Anti-Exploit Technologies, CIS Controls, 7.1)
  • Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers. (CIS Control 8: Sub-Control 8.1 Utilize Centrally Managed Anti-Malware Software, CIS Controls, V7)
  • Enable anti-exploitation features such as Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR) that are available in an operating system or deploy appropriate toolkits that can be configured to apply protection to a broader set of applications and executables. (CIS Control 8: Sub-Control 8.3 Enable Operating System Anti-Exploitation Features/ Deploy Anti-Exploit Technologies, CIS Controls, V7)
  • Ensure that the organization's anti-malware software updates its scanning engine and signature database on a regular basis. (CIS Control 8: Sub-Control 8.2 Ensure Anti-Malware Software and Signatures are Updated, CIS Controls, V7)
  • Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™. (CIS Control 10: Safeguard 10.5 Enable Anti-Exploitation Features, CIS Controls, V8)
  • Deploy and maintain email server anti-malware protections, such as attachment scanning and/or sandboxing. (CIS Control 9: Safeguard 9.7 Deploy and Maintain Email Server Anti-Malware Protections, CIS Controls, V8)
  • Deploy and maintain anti-malware software on all enterprise assets. (CIS Control 10: Safeguard 10.1 Deploy and Maintain Anti-Malware Software, CIS Controls, V8)
  • Use behavior-based anti-malware software. (CIS Control 10: Safeguard 10.7 Use Behavior-Based Anti-Malware Software, CIS Controls, V8)
  • Protection Against Malicious Code. Users need to be aware that malicious code may be introduced into their environment through network connections. Malicious code may not be detected before damage is done unless suitable safeguards are implemented. Malicious code may result in compromise of security… (¶ 13.6, ISO 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security, 2001)
  • Detection, prevention and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness. (A.12.2.1 Control, ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013)
  • Software products should be installed to continuously check for malicious code on every computer in the organization. (§ 10.4.1, ISO 27002 Code of practice for information security management, 2005)
  • In addition to implementing the control given by ISO/IEC 27002, organizations processing personal health information shall implement appropriate prevention, detection and response controls to protect against malicious software and shall implement appropriate user awareness training. (§ 12.2.1 Health-specific control, ISO 27799:2016 Health informatics — Information security management in health using ISO/IEC 27002, Second Edition)
  • Detection, prevention and recovery controls to protect against malware should be implemented, combined with appropriate user awareness. (§ 12.2.1 Control, ISO/IEC 27002:2013(E), Information technology — Security techniques — Code of practice for information security controls, Second Edition)
  • The organization implements safeguards against mobile malware and attacks for mobile devices connecting to corporate network and accessing corporate data (e.g., anti-virus, timely patch deployment, etc.). (DE.CM-5.1, CRI Profile, v1.2)
  • The organization implements safeguards against mobile malware and attacks for mobile devices connecting to corporate network and accessing corporate data (e.g., anti-virus, timely patch deployment, etc.). (DE.CM-5.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • The network device shall provide for protection from malicious code. (15.6.1 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Host devices need to support the use of malicious code protection (against, for example, viruses, worms, Trojan horses and spyware). The product supplier should qualify and document the configuration of protection from malicious code mechanisms so that the primary mission of the control system is ma… (14.4.2 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • There shall be mechanisms on host devices that are qualified by the IACS product supplier to provide protection from malicious code. The IACS product supplier shall document any special configuration requirements related to protection from malicious code. (14.4.1 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7) ¶ 1, StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7) ¶ 1, StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • The organization should implement controls to prevent viruses, malicious code, and unauthorized software on the systems. (Generally Accepted Privacy Principles and Criteria § 8.2.2 j, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware. (CC6.8 Uses Antivirus and Anti-Malware Software, Trust Services Criteria)
  • Antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware. (CC6.8 ¶ 2 Bullet 4 Uses Antivirus and Anti-Malware Software, Trust Services Criteria, (includes March 2020 updates))
  • Controls have been implemented to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s commitments and system requirements as they relate to [insert the principle(s) addressed by the engagement: security, availability, processing integrity, con… (CC5.8, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • Logical access security measures have been implemented to protect against [insert the principle(s) addressed by the engagement: security, availability, processing integrity, confidentiality, or privacy, or any combination thereof] threats from sources outside the boundaries of the system to meet the… (CC5.6, TSP 100A - Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy)
  • using and maintaining up-to-date firewall and anti-virus and anti-malware software to protect against threats posed by hackers; (Information Security Program Bullet 3 Deployment of Protective Measures Against the Identified Threats and Vulnerabilities ¶ 1 Sub-bullet 4, 9070 - NFA Compliance Rules 2-9, 2-36 and 2-49: Information Systems Security Programs)
  • Introduction of Malicious Code Mitigation: Use one or a combination of the following methods to achieve the objective of mitigating the introduction of malicious code (per Transient Cyber Asset capability): - Antivirus software, including manual or managed updates of signatures or patterns; - Applic… (Section 1. 1.4., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Configuration Change Management and Vulnerability CIP-010-2, Version 2)
  • Antivirus software, including manual or managed updates of signatures or patterns; (Attachment 1 Section 1. 1.4. Bullet 1, North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Configuration Change Management and Vulnerability CIP-010-3, Version 3)
  • Antivirus software, including manual or managed updates of signatures or patterns; (Attachment 1 Section 5. 5.1 Bullet 1, North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Security Management Controls CIP-003-8, Version 8)
  • Deploy method(s) to deter, detect, or prevent malicious code. (CIP-007-6 Table R3 Part 3.1 Requirements ¶ 1., North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - System Security Management CIP-007-6, Version 6)
  • Does the incident identification process include malware activity (anti-virus, worms, trojans)? (§ J.1.2.11.3, Shared Assessments Standardized Information Gathering Questionnaire - J. Incident Event and Communications Management, 7.0)
  • CMS business partners must install up-to-date virus protection software on systems that use the Internet. (§ 5 ¶ 5, CMS Business Partners Systems Security Manual, Rev. 10)
  • CSR 5.12.1: CMS business partners must use software to identify, detect, protect, and eliminate viruses, spam, and spyware. This software must be centrally managed and automatically updated with the latest virus definitions. CSR 10.2.2: The organization must install desktop virus scanning software, … (CSR 5.12.1, CSR 10.2.2, Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006)
  • Remote devices must have approved, vendor-supported antivirus software installed; it must contain the latest signature files. The antivirus software must be configured in accordance with the Desktop Application STIG. The software must be configured to scan the system at startup. (§ 5.4, DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2)
  • § 2.3 Broadband or high-speed connections used for Remote Access, Mobile Access and Telework introduce a greater risk of an attack compared to dial-up connections since users are connected for much longer periods and these connections often use static IP addresses provided by Internet Service Pro… (§ 2.3, § 4.1, DISA Secure Remote Computing Security Technical Implementation Guide, Version 2, Release 1)
  • All Windows Server 2003 systems should have an approved virus protection program installed and running. (§ 5.2.2.2, DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11)
  • Virus protection software should be installed and activated on all computers running Windows Vista. (§ 3.3.1 (5.007), DISA Windows VISTA Security Checklist, Version 6 Release 1.11)
  • An approved virus protection program should be installed and activated to protect the system. (§ 5.2.2.2, DISA Windows XP Security Checklist, Version 6 Release 1.11)
  • Licensed antivirus software should be installed on all wireless devices and be configured according to organizational standards. Inspect a 10% sampling of laptops to ensure they have up-to-date virus software installed. Inspect a 10% sampling of PDAs and cell phones to verify the antivirus software … (§ 3.2 (WIR0050), § 4.2 (WIR0050), § 5 (WIR0050), DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2, Version 5, Release 2.2)
  • § 2.2 (WIR1250) Implement wireless e-mail servers and handheld configuration settings. App B.3 Row "Auto-Protect", in Symantec Antivirus Configuration Settings, should be checked. App B.3 Row "Last Scan", in Symantec Antivirus Configuration Settings, user will manually scan once per week. (§ 2.2 (WIR1250), App B.3 Row "Auto-Protect", App B.3 Row "Last Scan", DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2)
  • § 2.2 (WIR3250) All required wireless e-mail server and device configuration should be implemented. App B.3 Row "Auto-Protect", should be Checked. App B.3 Row "Last Scan", set to "User will scan once per week". App B.3 Row "Live Update", set Frequency to Every (Day of Week) and set Action to Update… (§ 2.2 (WIR3250), App B.3 Row "Auto-Protect", App B.3 Row "Last Scan", App B.3 Row "Live Update", § 3.11, DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, Version 5 Release 2.3)
  • § 2.2 (WIR2250) All required wireless e-mail server and device configuration should be implemented. § 3.4.6 The Symantec antivirus application, or another approved antivirus application, should be downloaded from the JTF-GNO antivirus application web site and installed on Windows Mobile … (§ 2.2 (WIR2250), § 3.4.6, App B.4 Row "Auto-Protect", App B.4 Row "Last Scan", App B.4 Row "Live Update", DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4)
  • Employ spam protection mechanisms at information system access entry and exit points. (SI.3.218, Cybersecurity Maturity Model Certification, Version 1.0, Level 3)
  • Employ spam protection mechanisms at information system access entry and exit points. (SI.3.218, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Employ spam protection mechanisms at information system access entry and exit points. (SI.3.218, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Virus protection must be implemented on all workstations, servers, and mobile computing devices. (ECVP-1, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • The organization shall ensure that cellular devices use antivirus software. (§ 5.5.7.3.1(7), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall use virus protection measures to detect and eradicate malicious code on all servers, workstations, and mobile devices and at critical points on the network. (§ 5.10.4.2 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall implement spam protection and spyware protection processes. (§ 5.10.4.3 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall use spam protection measures at all critical Information System entry points. (§ 5.10.4.3 ¶ 2(1), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall use spyware protection mechanisms on servers, workstations, and mobile devices. (§ 5.10.4.3 ¶ 2(2), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall use spam protection measures and spyware protection measures to detect and take actions on unsolicited messages and spyware or adware. (§ 5.10.4.3 ¶ 2(3), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2)
  • The agency shall implement spam and spyware protection. (§ 5.10.4.3 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall employ virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) at critical points throughout the network and on all workstations, servers and mobile computing devices on the network. The agency shall ensure malicious code protection i… (§ 5.10.4.2 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall implement malicious code protection that includes automatic updates for all systems with Internet access. Agencies with systems not connected to the Internet shall implement local procedures to ensure malicious code protection is kept current (i.e. most recent update available). (§ 5.10.4.2 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Employ spam protection mechanisms at critical information system entry points (e.g. firewalls, electronic mail servers, remote-access servers). (§ 5.10.4.3 ¶ 2(1), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Employ malicious code protection on full-featured operating system devices or run a MDM system that facilitates the ability to provide anti-malware services from the agency level. (§ 5.13.3 ¶ 1(7), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Use the spam and spyware protection mechanisms to detect and take appropriate action on unsolicited messages and spyware/adware, respectively, transported by electronic mail, electronic mail attachments, Internet accesses, removable media (e.g. diskettes or compact disks) or other removable media as… (§ 5.10.4.3 ¶ 2(3), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Employ spyware protection at workstations, servers and mobile computing devices on the network. (§ 5.10.4.3 ¶ 2(2), Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • Employ spam protection mechanisms at critical information system entry points (e.g. firewalls, electronic mail servers, remote-access servers). (§ 5.10.4.3 ¶ 2 1., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • The agency shall implement spam and spyware protection. (§ 5.10.4.3 ¶ 1, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Employ spyware protection at workstations, servers and mobile computing devices on the network. (§ 5.10.4.3 ¶ 2 2., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • The agency shall employ virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) at critical points throughout the network and on all workstations, servers and mobile computing devices on the network. The agency shall ensure malicious code protection i… (§ 5.10.4.2 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Employ malicious code protection on full-featured operating system devices or run a MDM system that facilitates the ability to provide anti-malware services from the agency level. (§ 5.13.3 ¶ 1 7., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Up to date antivirus and anti-malware tools are used. (Domain 3: Assessment Factor: Preventative Controls, INFRASTRUCTURE MANAGEMENT Baseline 1 ¶ 4, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Antivirus and anti-malware tools are used to detect attacks. (Domain 3: Assessment Factor: Detective Controls, THREAT AND VULNERABILITY DETECTION Baseline 1 ¶ 2, FFIEC Cybersecurity Assessment Tool, Baseline, May 2017)
  • Use of software tools to protect against and monitor internet-accessible services or open ports. (App A Objective 13:3h Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Uses security software that is current, deployed effectively, and designed to keep up with the evolution of malicious code. (App A Objective 13:6e Bullet 1, FFIEC Information Technology Examination Handbook - Architecture, Infrastructure, and Operations, June 2021)
  • Security software and device management (e.g., maintaining the signatures on signature-based devices and firewall rules). (App A Objective 8.1.a, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Management should design policies and procedures to effectively manage security operations with the following characteristics: - Broadly scoped to address all ongoing security-related functions. - Guided by defined processes. - Integrated with lines of business and third parties. - Appropriately… (III Security Operations, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Antivirus software should be installed on all servers and PCs. (Pg 29, FFIEC IT Examination Handbook - E-Banking, August 2003)
  • Calls for the implementation of an incident response capability. It should make use of virus identification software, an understanding of the constituency being served, an educated constituency that trusts the incident handling team, a means of prompt centralized reporting, response team members wit… (SP-3.4, Federal Information System Controls Audit Manual (FISCAM), February 2009)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and (SI-8a., FedRAMP Security Controls High Baseline, Version 5)
  • Implement [FedRAMP Assignment: signature based and non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., FedRAMP Security Controls High Baseline, Version 5)
  • Implement [FedRAMP Assignment: signature based and non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., FedRAMP Security Controls Low Baseline, Version 5)
  • Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and (SI-8a., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Implement [FedRAMP Assignment: signature based and non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., FedRAMP Security Controls Moderate Baseline, Version 5)
  • All systems that contain Federal Tax Information must have antivirus software installed and implemented. (Exhibit 6, IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return Information)
  • Do all computers have virus protection installed? (IT - General Q 31, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is there virus software running on the e-mail server? (IT - General Q 36c, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is there antivirus software installed on each server? (IT - Servers Q 22, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union have virus protection software? (IT - Virus Protection Q 1, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is there virus protection software on each critical server that is connected to the network? (IT - Virus Protection Q 2, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Is there virus protection software on each Personal Computer that is connected to the network? (IT - Virus Protection Q 3, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union have spyware protection software? (IT - Virus Protection Q 11, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union have spyware protection software on the network? (IT - Virus Protection Q 12, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union have spyware protection software on personal computers that have remote access? (IT - Virus Protection Q 13, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Does the Credit Union use spam filtering software to reduce the amount of unsolicited e-mail? (IT - Virus Protection Q 15, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Do the procedures for client computer with wireless Network Interface Cards include using anti-virus software? (IT - WLANS Q 18b, Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A)
  • Antivirus software should be installed and operational on all hosts. (§ 5.2.2, Computer Security Incident Handling Guide, NIST SP 800-61, Revision 1)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and (SI-8a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and (SI-8a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Calls for System and Information Integrity (SI): Organizations must: (i) identify, report, and correct information and information system flaws in a timely manner; (ii) provide protection from malicious code at appropriate locations within organizational information systems; and (iii) monitor inform… (§ 3, FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006)
  • Organizational records and documents should be examined to ensure spam protection software is installed on servers, workstations, mobile devices, and entry and exit points to the system; the spam protection checks unsolicited e-mail messages; the software is automatically updated; the system is scan… (SI-4(4), SI-8, Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A)
  • Antivirus software should be installed on all Bluetooth hosts that frequently receive malware. (Table 4-2 Item 27, Guide to Bluetooth Security, NIST SP 800-121, September 2008)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1 Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1 High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Antivirus tools only function effectively when installed, configured, running full-time, and maintained properly against the state of known attack methods and payloads. While antivirus tools are common security practice in IT computer systems, their use with ICS may require adopting special practice… (§ 6.2.17.1 ICS-specific Recommendations and Guidance ¶ 1, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Client devices should have antivirus software installed and implemented. The software should be configured to update automatically. (§ 6.3.4 (Antivirus), Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48, Revision 1)
  • Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources. (T0261, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • The smart grid Information System should include components that actively search for web-based malicious code. (SG.SC-24 Additional Considerations A1, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization should configure the malicious code software to periodically scan the system on a defined frequency. (SG.SI-3 Additional Considerations A3, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization should implement spam protection at all network entry points and on servers, workstations, and mobile computing devices for detecting and taking action on unsolicited e-mail, e-mail attachments, web access, and other access methods. (SG.SI-3 Additional Considerations A5, NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010)
  • The organization must implement spam protection on all network devices to detect and take action. (App F § SI-8.a, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should centrally manage spam protection mechanisms. (App F § SI-8(1), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization must use malicious code protection mechanisms on servers, workstations, system entry points, system exit points, and mobile computing devices to detect and eradicate malicious code that is transported by e-mail, e-mail attachments, removable media, or web access, and inserted by exp… (App F § SI-3.a, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The organization should use local mechanisms or procedures as compensating controls in accordance with the general tailoring guidance when the Industrial Control System cannot centrally manage spam protection mechanisms. (App I § SI-8 Control Enhancement: (1), Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • The Industrial Control System generally does not use spam protection mechanisms because unusual traffic flow may be interpreted as spam which can cause issues and possible system failure of the Industrial Control System. (App I § SI-8, Recommended Security Controls for Federal Information Systems, NIST SP 800-53)
  • Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources. (T0261, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • The organization employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code. (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages. (SI-8a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization centrally manages spam protection mechanisms. (SI-8(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic. (SI-8(3), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • The organization employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code. (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages. (SI-8a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization centrally manages spam protection mechanisms. (SI-8(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code. (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code. (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages. (SI-8a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • The organization centrally manages spam protection mechanisms. (SI-8(1), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Deprecated, Revision 4, Deprecated)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • The information system implements spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic. (SI-8(3) ¶ 1, Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic. (SI-8(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and (SI-8a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; (SI-3a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Implement spam protection mechanisms with a learning capability to more effectively identify legitimate communications traffic. (SI-8(3) ¶ 1, Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Employ spam protection mechanisms at system entry and exit points to detect and act on unsolicited messages; and (SI-8a., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Anyone who stores, licenses, owns, or maintains personal information about a Massachusetts resident and electronically transmits or stores that information must establish and maintain a security system (which must be included in the comprehensive, written information security program) for all comput… (§ 17.04(7), Massachusetts 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., TX-RAMP Security Controls Baseline Level 1)
  • The organization centrally manages spam protection mechanisms. (SI-8(1) ¶ 1, TX-RAMP Security Controls Baseline Level 2)
  • Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; (SI-3a., TX-RAMP Security Controls Baseline Level 2)
  • Employs spam protection mechanisms at information system entry and exit points to detect and take action on unsolicited messages; and (SI-8a., TX-RAMP Security Controls Baseline Level 2)
  • The information system implements nonsignature-based malicious code detection mechanisms. (SI-3(7) ¶ 1, TX-RAMP Security Controls Baseline Level 2)