Configure security and protection software according to Organizational Standards.


CONTROL ID
11917
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure security and protection software to automatically run at startup., CC ID: 12443
  • Configure security and protection software to check for up-to-date signature files., CC ID: 00576
  • Configure security and protection software to enable automatic updates., CC ID: 11945
  • Configure security and protection software to check e-mail messages., CC ID: 00578
  • Configure security and protection software to check e-mail attachments., CC ID: 11860
  • Configure security and protection software to check for phishing attacks., CC ID: 04569
  • Configure Windows Defender Remote Credential Guard to organizational standards., CC ID: 16515
  • Configure Windows Defender Credential Guard to organizational standards., CC ID: 16514


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • automatic and regular scanning configured for all fixed disks and removable media. (Security Control: 1417; Revision: 2; Bullet 4, Australian Government Information Security Manual, March 2021)
  • heuristic-based detection enabled and set to a high level (Security Control: 1417; Revision: 2; Bullet 2, Australian Government Information Security Manual, March 2021)
  • Antivirus software has reputation rating functionality enabled. (Security Control: 1390; Revision: 2, Australian Government Information Security Manual, March 2021)
  • reputation rating functionality enabled (Control: ISM-1417; Revision: 4; Bullet 3, Australian Government Information Security Manual, June 2023)
  • ransomware protection functionality enabled (Control: ISM-1417; Revision: 4; Bullet 4, Australian Government Information Security Manual, June 2023)
  • heuristic-based detection functionality enabled and set to a high level (Control: ISM-1417; Revision: 4; Bullet 2, Australian Government Information Security Manual, June 2023)
  • signature-based detection functionality enabled and set to a high level (Control: ISM-1417; Revision: 4; Bullet 1, Australian Government Information Security Manual, June 2023)
  • reputation rating functionality enabled (Control: ISM-1417; Revision: 4; Bullet 3, Australian Government Information Security Manual, September 2023)
  • ransomware protection functionality enabled (Control: ISM-1417; Revision: 4; Bullet 4, Australian Government Information Security Manual, September 2023)
  • heuristic-based detection functionality enabled and set to a high level (Control: ISM-1417; Revision: 4; Bullet 2, Australian Government Information Security Manual, September 2023)
  • signature-based detection functionality enabled and set to a high level (Control: ISM-1417; Revision: 4; Bullet 1, Australian Government Information Security Manual, September 2023)
  • Has anti-virus or malware protection software been configured to scan files automatically upon access (including when downloading and opening files, accessing files on removable storage media or a network folder) and scan web pages when accessed (via a web browser)? (Malware protection Question 39, Cyber Essentials Scheme (CES) Questionnaire, Versions 3.3)
  • For IT systems operated without the use of malware protection software, alternative measures (e.g. special resilience measures, few services, no active users, network isolation) are implemented. (5.2.3 Requirements (should) Bullet 9, Information Security Assessment, Version 5.1)
  • Ensure that all anti-virus mechanisms are maintained as follows: - Are kept current, - Perform periodic scans - Generate audit logs which are retained per PCI DSS Requirement 10.7. (5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Ensure that all anti-virus mechanisms are maintained as follows: - Are kept current, - Perform periodic scans - Generate audit logs which are retained per PCI DSS Requirement 10.7. (5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Antivirus and anti-malware software on servers and endpoint devices is configured, implemented, and maintained to provide for the interception or detection and remediation of malware. (CC6.8 ¶ 2 Bullet 4 Uses Antivirus and Anti-Malware Software, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • Protection from malicious code (for example, viruses, worms, Trojan horses and spyware) may be provided by the control system application or by an external service or application. Control system applications need to be compatible with mechanisms designed to protect them from malicious code. This req… (12.3.2 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Configures malicious code protection mechanisms to: (SI-3c., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Configures malicious code protection mechanisms to: (SI-3c., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Configures malicious code protection mechanisms to: (SI-3c., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Configures malicious code protection mechanisms to: (SI-3c., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Introduction of malicious code mitigation: Use one or a combination of the following methods to achieve the objective of mitigating malicious code (per Transient Cyber Asset capability): - Review of antivirus update level; - Review of antivirus update process used by the party; - Review of applicati… (Section 2. 2.2, North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Configuration Change Management and Vulnerability CIP-010-2, Version 2)
  • Configures malicious code protection mechanisms to: (SI-3c. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Configures malicious code protection mechanisms to: (SI-3c. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Configures malicious code protection mechanisms to: (SI-3c. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Configures malicious code protection mechanisms to: (SI-3c. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Configures malicious code protection mechanisms to: (SI-3c. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Configures malicious code protection mechanisms to: (SI-3c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Configures malicious code protection mechanisms to: (SI-3c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Configures malicious code protection mechanisms to: (SI-3c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Configures malicious code protection mechanisms to: (SI-3c., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Configures malicious code protection mechanisms to: (SI-3c., TX-RAMP Security Controls Baseline Level 1)
  • Configures malicious code protection mechanisms to: (SI-3c., TX-RAMP Security Controls Baseline Level 2)