CMMC 2.0 • LEVEL 2 • SYSTEM & INFORMATION INTEGRITY
SI.L2-3.14.2 — Malicious Code Protection
Implement malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code. Update malicious code protection mechanisms as new releases are available in accordance with configuration management policies and procedures. Configure malicious code protection mechanisms to:
- Perform scans of the system at the defined frequency (real-time/on-access scanning: continuous; scheduled full scans: weekly; signature/definition updates: daily, automatic, no older than 7 days) [CMMC/STIG] and real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed; and
- Block malicious code, quarantine malicious code, or take other mitigation actions in response to malicious code detection.
Assessment Objectives
- malicious code protection mechanisms are implemented at system entry and exit points to detect malicious code.
- malicious code protection mechanisms are implemented at system entry and exit points to eradicate malicious code.
- malicious code protection mechanisms are updated as new releases are available in accordance with configuration management policy and procedures.
- malicious code protection mechanisms are configured to perform scans of the system at the defined frequency (real-time/on-access scanning: continuous; scheduled full scans: weekly; signature/definition updates: daily, automatic, no older than 7 days) [CMMC/STIG].
- malicious code protection mechanisms are configured to block malicious code, quarantine malicious code, or take other actions in response to malicious code detection.
- malicious code protection mechanisms are configured to perform real-time scans of files from external sources at endpoints or system entry and exit points as the files are downloaded, opened, or executed.