SI-03 Malicious Code Protection

System and Information Integrity

Low Moderate High

Description

The information system implements malicious code protection.

Supplemental Guidance

The organization employs malicious code protection mechanisms at critical information system entry and exit points (e.g., firewalls, electronic mail servers, web servers, proxy servers, remote-access servers) and at workstations, servers, or mobile computing devices on the network. The organization uses the malicious code protection mechanisms to detect and eradicate malicious code (e.g., viruses, worms, Trojan horses, spyware) transported: (i) by electronic mail, electronic mail attachments, Internet accesses, removable media (e.g., USB devices, diskettes or compact disks), or other common means; or (ii) by exploiting information system vulnerabilities. The organization updates malicious code protection mechanisms (including the latest virus definitions) whenever new releases are available in accordance with organizational configuration management policy and procedures. The organization considers using malicious code protection software products from multiple vendors (e.g., using one vendor for boundary devices and servers and another vendor for workstations). The organization also considers the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system. NIST Special Publication 800-83 provides guidance on implementing malicious code protection.

Changes from Rev 4

Parameter adds '[Selection (one or more): signature based; non-signature based]'; another parameter adds requirement to send an alert to specified personnel.
Parameter selection eliminates option to send an alert to specified personnel and adds option to take specified action.
Discussion expanded to explain signature- and non-signature-based technologies.
Incorporates withdrawn controls SI-3(2) and SI-3(7).

Enhancements


Compliance Mappings

ISO 27002:2022

8.7, 8.8

COBIT 2019

DSS05.01, DSS05.07, MEA01.01

CIS Controls v8

10, 10.1, 10.2, 10.4, 10.7, 12.1, 18, 18.3, 7, 7.1, 7.3, 7.4

NIST CSF 2.0

DE.CM-09, ID.RA-01, ID.RA-08, PR.PS-02

SOC 2 TSC

CC3.2-POF7, CC3.2-POF9, CC3.4-POF6, CC6.6, CC6.6-POF2, CC6.8, CC6.8-POF4, CC8.1-POF14, CC8.1-POF16, CC9.2-POF13, PI1.2-POF1, PI1.2-POF2, PI1.2-POF3

ISO 17799 (legacy)

10.4.1

COBIT 4.1 (legacy)

DS5.9