Scan for malicious code, as necessary.


CONTROL ID: 11941
CONTROL TYPE: Investigate
CLASSIFICATION: Detective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a malicious code protection program., CC ID: 00574

This Control has the following implementation support Control(s):
  • Test all removable storage media for viruses and malicious code., CC ID: 11861
  • Test all untrusted files or unverified files for viruses and malicious code., CC ID: 01311
  • Remove malware when malicious code is discovered., CC ID: 13691
  • Notify interested personnel and affected parties when malware is detected., CC ID: 13689


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Effective customer education programmes tailored for the use of mobile devices should be in place as well as ongoing efforts to identify fake Internet banking Apps, if applicable, and notify customers promptly. (§ 7.1.3, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, v.2)
  • Software and information processing facilities are vulnerable to attacks by computer viruses and other malicious software. Procedures and responsibilities should be established to detect and prevent attacks. AIs should put in place adequate controls such as: - prohibiting the download and use of un… (3.5.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • Also, to ensure and maintain the reliability of software, proper precautions should be taken to detect malicious programs and verify the validity of other related systems and devices. (P21.1. ¶ 2, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • It is necessary to take measures in advance to protect the system from invasion by malicious programs such as computer viruses. It is also necessary to take measures for early detecting the infection. (P32.1. ¶ 1, FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Even in the programming phase, protection against infection with computer viruses and other malicious programs is indispensable. Especially, in the case that developers share files with each other in the network environment and/or use package software, etc. for program development, a computer virus … (P91.2., FISC Security Guidelines on Computer Systems for Financial Institutions, Ninth Edition, Revised March 2020)
  • Administrators should not rely solely on AV software and email filtering to detect worm infections. Logs from firewalls, intrusion detection and prevention sensors, DNS servers and proxy server logs should be monitored on a daily basis for signs of worm infections including but not limited to: (Critical components of information security 18) v., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Enterprise security administrative features may be used daily to check the number of systems that do not have the latest anti-malware signatures. All malware detection events should be sent to enterprise anti-malware administration tools and event log servers. (Critical components of information security 18) iii., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • The FI should deploy anti-virus software to servers, if applicable, and workstations. The FI should regularly update anti-virus definition files and schedule automatic anti-virus scanning on servers and workstations on a regular basis. (§ 9.3.3, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • The FI should ensure that anti-malware signatures are kept up-to-date and the systems are regularly scanned for malicious files or anomalous activities. (§ 11.3.4, Technology Risk Management Guidelines, January 2021)
  • Install anti-malware software such as anti-virus, anti-spyware, and software-based firewall on computers. Keep them updated and perform scans regularly. (Annex A1: Security of Personal Computers & Other Computing Devices 37, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • Install anti-malware software to the email server and clients. Keep the software updated and perform scans regularly. (Annex A1: Email Security 53, Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium, Revised 20 January 2017)
  • all previously connected media used in the period leading up to the infection are scanned for signs of infection and isolated if necessary (Security Control: 0917; Revision: 7; Bullet 2, Australian Government Information Security Manual, March 2021)
  • Data imported to a system is scanned for malicious and active content. (Security Control: 0657; Revision: 4, Australian Government Information Security Manual, March 2021)
  • Data imported to a system is scanned for malicious and active content, undergoes data format checks and logging, and is monitored to detect overuse/unusual usage patterns. (Security Control: 0658; Revision: 4, Australian Government Information Security Manual, March 2021)
  • Antivirus scanning, using multiple different scanning engines, is performed on all content. (Security Control: 1288; Revision: 1, Australian Government Information Security Manual, March 2021)
  • Email and web content entering a security domain is automatically run in a dynamic malware analysis sandbox to detect suspicious behaviour. (Security Control: 1389; Revision: 1, Australian Government Information Security Manual, March 2021)
  • Any data identified by a content filtering process as suspicious is blocked until reviewed and approved for transfer by a trusted source other than the originator. (Security Control: 0652; Revision: 2, Australian Government Information Security Manual, March 2021)
  • regular scanning configured for all fixed disks and removable media. (Control: ISM-1417; Revision: 4; Bullet 6, Australian Government Information Security Manual, June 2023)
  • SOEs provided by third parties are scanned for malicious code and configurations. (Control: ISM-1608; Revision: 1, Australian Government Information Security Manual, June 2023)
  • When manually importing data to systems, the data is scanned for malicious and active content. (Control: ISM-0657; Revision: 6, Australian Government Information Security Manual, June 2023)
  • Microsoft Office macro antivirus scanning is enabled. (Control: ISM-1672; Revision: 0, Australian Government Information Security Manual, June 2023)
  • Files imported or exported via gateways or CDSs undergo antivirus scanning using multiple different scanning engines. (Control: ISM-1288; Revision: 2, Australian Government Information Security Manual, June 2023)
  • all previously connected media used in the period leading up to the infection are scanned for signs of infection and isolated if necessary (Control: ISM-0917; Revision: 7; Bullet 2, Australian Government Information Security Manual, June 2023)
  • regular scanning configured for all fixed disks and removable media. (Control: ISM-1417; Revision: 4; Bullet 6, Australian Government Information Security Manual, September 2023)
  • SOEs provided by third parties are scanned for malicious code and configurations. (Control: ISM-1608; Revision: 1, Australian Government Information Security Manual, September 2023)
  • When manually importing data to systems, the data is scanned for malicious and active content. (Control: ISM-0657; Revision: 6, Australian Government Information Security Manual, September 2023)
  • Microsoft Office macro antivirus scanning is enabled. (Control: ISM-1672; Revision: 0, Australian Government Information Security Manual, September 2023)
  • Files imported or exported via gateways or CDSs undergo antivirus scanning using multiple different scanning engines. (Control: ISM-1288; Revision: 2, Australian Government Information Security Manual, September 2023)
  • all previously connected media used in the period leading up to the infection are scanned for signs of infection and isolated if necessary (Control: ISM-0917; Revision: 7; Bullet 2, Australian Government Information Security Manual, September 2023)
  • Has malware protection software been configured to perform regular periodic scans (eg daily)? (Malware protection Question 40, Cyber Essentials Scheme (CES) Questionnaire, Versions 3.3)
  • The entire data contents of all systems is regularly inspected for malware. (5.2.3 Requirements (should) Bullet 5, Information Security Assessment, Version 5.1)
  • Data transferred by central gateways (e.g. e-mail, internet, third-party networks) is automatically inspected by means of protection software: (5.2.3 Requirements (should) Bullet 6, Information Security Assessment, Version 5.1)
  • The control system shall provide the capability to employ protection mechanisms to prevent, detect, report and mitigate the effects of malicious code or unauthorized software. The control system shall provide the capability to update the protection mechanisms. (7.4.1 ¶ 1, IEC 62443-3-3: Industrial communication networks – Network and system security – Part 3-3: System security requirements and security levels, Edition 1)
  • Ensure that all anti-virus mechanisms are maintained as follows: - Are kept current, - Perform periodic scans - Generate audit logs which are retained per PCI DSS Requirement 10.7. (5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.1 April 2015)
  • Ensure that all anti-virus mechanisms are maintained as follows: - Are kept current, - Perform periodic scans - Generate audit logs which are retained per PCI DSS Requirement 10.7. (5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, v3.2.1)
  • Ensure that all anti-virus mechanisms are maintained as follows: - Are kept current, - Perform periodic scans - Generate audit logs which are retained per PCI DSS Requirement 10.7. (5.2, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2)
  • Are anti-virus programs capable of detecting, removing, and protecting against all known types of malicious software (for example, viruses, Trojans, worms, spyware, adware, and rootkits)? (5.1.1, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Are all anti-virus mechanisms: - Actively running? - Unable to be disabled or altered by users? (5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2(b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.2)
  • Are automatic updates and periodic scans enabled and being performed? (5.2 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2(b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.2)
  • Are all anti-virus mechanisms: - Actively running? - Unable to be disabled or altered by users? (5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2(b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.2)
  • Are automatic updates and periodic scans enabled and being performed? (5.2 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Are all anti-virus mechanisms: - Actively running? - Unable to be disabled or altered by users? (5.3, Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2(b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.2)
  • Are automatic updates and periodic scans enabled and being performed? (5.2 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.1)
  • Are automatic updates and periodic scans enabled and being performed? (5.2(b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.2)
  • Examine anti-virus configurations, including the master installation of the software to verify anti-virus mechanisms are: - Configured to perform automatic updates, and - Configured to perform periodic scans. (5.2.b, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Examine a sample of system components, including all operating system types commonly affected by malicious software, to verify that: - The anti-virus software and definitions are current. - Periodic scans are performed. (5.2.c, Payment Card Industry (PCI) Data Security Standard, Testing Procedures, Version 3.2)
  • Performs periodic scans and active or real-time scans. (5.3.2 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Performs continuous behavioral analysis of systems or processes. (5.3.2 Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted. (5.3.3 Bullet 2, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Performs automatic scans of when the media is inserted, connected, or logically mounted, (5.3.3 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine anti-malware solution(s) configurations, including any master installation of the software, to verify the solution(s) is configured to perform at least one of the elements specified in this requirement. (5.3.2.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine system components, including all operating system types identified as at risk for malware, to verify the solution(s) is enabled in accordance with at least one of the elements specified in this requirement. (5.3.2.b, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine logs and scan results to verify that the solution(s) is enabled in accordance with at least one of the elements specified in this requirement. (5.3.2.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine anti-malware solution(s) configurations to verify that, for removable electronic media, the solution is configured to perform at least one of the elements specified in this requirement. (5.3.3.a, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine logs and scan results to verify that the solution(s) is enabled in accordance with at least one of the elements specified in this requirement. (5.3.3.c, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Examine system components with removable electronic media connected to verify that the solution(s) is enabled in accordance with at least one of the elements as specified in this requirement. (5.3.3.b, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures, Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs periodic scans and active or real-time scans. (5.3.2 Bullet 1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes. (5.3.2 Bullet 2, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs automatic scans of when the media is inserted, connected, or logically mounted, (5.3.3 Bullet 1, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted. (5.3.3 Bullet 2, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes. (5.3.2 Bullet 2, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs periodic scans and active or real-time scans. (5.3.2 Bullet 1, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs automatic scans of when the media is inserted, connected, or logically mounted, (5.3.3 Bullet 1, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted. (5.3.3 Bullet 2, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs periodic scans and active or real-time scans. (5.3.2 Bullet 1, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes. (5.3.2 Bullet 2, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs automatic scans of when the media is inserted, connected, or logically mounted, (5.3.3 Bullet 1, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted. (5.3.3 Bullet 2, Self-Assessment Questionnaire C-VT and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs periodic scans and active or real-time scans. (5.3.2 Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes. (5.3.2 Bullet 2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs automatic scans of when the media is inserted, connected, or logically mounted, (5.3.3 Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted. (5.3.3 Bullet 2, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Detects all known types of malware. (5.2.2 Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs periodic scans and active or real-time scans. (5.3.2 Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs automatic scans of when the media is inserted, connected, or logically mounted, (5.3.3 Bullet 1, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted. (5.3.3 Bullet 2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Performs continuous behavioral analysis of systems or processes. (5.3.2 Bullet 2, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Verify that a code analysis tool is in use that can detect potentially malicious code, such as time functions, unsafe file operations and network connections. (10.1.1, Application Security Verification Standard 4.0.3, 4.0.3)
  • Use network-based anti-malware tools to identify executables in all network traffic and use techniques other than signature-based detection to identify and filter out malicious content before it arrives at the endpoint. (Control 8.5, The CIS Critical Security Controls for Effective Cyber Defense, Version 6.0)
  • Procedures are in place to scan information assets that have been transferred or returned to the entity's custody for malware and other unauthorized software. Detected malware or other software is removed prior to connection to the entity's network. (CC6.8 ¶ 2 Bullet 5 Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • The organization implements and manages appropriate tools to detect and block malware from infecting networks and systems. (DE.CM-4.1, CRI Profile, v1.2)
  • Malicious code is detected. (DE.CM-4, CRI Profile, v1.2)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (§ 52.204-21(b)(1)(xv), Federal Acquisition Regulation 52.204-21 Basic Safeguarding of Covered Contractor Information Systems)
  • The organization implements and manages appropriate tools to detect and block malware from infecting networks and systems. (DE.CM-4.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • Use signatures or heuristics to detect malicious software. (M1049 Antivirus/Antimalware, MITRE ATT&CK®, Enterprise Mitigations, Version 13.1)
  • Procedures are in place to scan information assets that have been transferred or returned to the entity's custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network. (CC6.8 Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software, Trust Services Criteria)
  • Procedures are in place to scan information assets that have been transferred or returned to the entity's custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network. (CC6.8 ¶ 2 Bullet 5 Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software, Trust Services Criteria, (includes March 2020 updates))
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (§ 52.204-21 (b)(1)(xv), 48 CFR Part 52.204-21, Basic Safeguarding of Covered Contractor Information Systems)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.1.213, Cybersecurity Maturity Model Certification, Version 1.0, Level 1)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.1.213, Cybersecurity Maturity Model Certification, Version 1.0, Level 2)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.1.213, Cybersecurity Maturity Model Certification, Version 1.0, Level 3)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.1.213, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.1.213, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.L1-3.14.5 System & File Scanning, Cybersecurity Maturity Model Certification, Version 2.0, Level 1)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (SI.L1-3.14.5 System & File Scanning, Cybersecurity Maturity Model Certification, Version 2.0, Level 2)
  • The agency shall employ virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) at critical points throughout the network and on all workstations, servers and mobile computing devices on the network. The agency shall ensure malicious code protection i… (§ 5.10.4.2 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8, Version 5.8)
  • The agency shall employ virus protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses) at critical points throughout the network and on all workstations, servers and mobile computing devices on the network. The agency shall ensure malicious code protection i… (§ 5.10.4.2 ¶ 2, Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Use the spam and spyware protection mechanisms to detect and take appropriate action on unsolicited messages and spyware/adware, respectively, transported by electronic mail, electronic mail attachments, Internet accesses, removable media (e.g. diskettes or compact disks) or other removable media as… (§ 5.10.4.3 ¶ 2 3., Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.9.1, Version 5.9.1)
  • Perform periodic scans of the information system [FedRAMP Assignment: at least weekly] and real-time scans of files from external sources at [FedRAMP Selection: to include endpoints] as the files are downloaded, opened, or executed in accordance with organizational security policy; and (SI-3c.1. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Perform periodic scans of the information system [FedRAMP Assignment: at least weekly] and real-time scans of files from external sources at [FedRAMP Selection: to include endpoints] as the files are downloaded, opened, or executed in accordance with organizational security policy; and (SI-3c.1. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Perform periodic scans of the information system [FedRAMP Assignment: at least weekly] and real-time scans of files from external sources at [FedRAMP Selection: to include endpoints] as the files are downloaded, opened, or executed in accordance with organizational security policy; and (SI-3c.1. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Perform periodic scans of the system [FedRAMP Assignment: at least weekly] and real-time scans of files from external sources at [FedRAMP Assignment: to include endpoints and network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., FedRAMP Security Controls High Baseline, Version 5)
  • Perform periodic scans of the system [FedRAMP Assignment: at least weekly] and real-time scans of files from external sources at [FedRAMP Assignment: to include endpoints and network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., FedRAMP Security Controls Low Baseline, Version 5)
  • Perform periodic scans of the system [FedRAMP Assignment: at least weekly] and real-time scans of files from external sources at [FedRAMP Assignment: to include endpoints and network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Flow Down Controls)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Perform virus scanning on digital media. (T0285, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Perform static malware analysis. (T0288, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. (3.14.5, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171)
  • Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. (3.14.5, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, Revision 1)
  • Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. (3.14.5, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, Revision 2)
  • Perform virus scanning on digital media. (T0285, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational securi… (SI-3c.1., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and (SI-3c.1., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • implement risk-based controls designed to protect against malicious code, including those that monitor and filter web traffic and electronic mail to block malicious content; and (§ 500.14 Monitoring and Training (a)(2), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)
  • Perform periodic scans of the information system [TX-RAMP Assignment: at least weekly] and real-time scans of files from external sources at [to include endpoints] as the files are downloaded, opened, or executed in accordance with organizational security policy; and (SI-3c.1., TX-RAMP Security Controls Baseline Level 1)
  • Perform periodic scans of the information system [TX-RAMP Assignment: at least weekly] and real-time scans of files from external sources at [TX-RAMP Selection (one or more); to include endpoints] as the files are downloaded, opened, or executed in accordance with organizational security policy; and (SI-3c.1., TX-RAMP Security Controls Baseline Level 2)