CMMC SI.1.212 – Update Malicious Code Protections

Requirement text:

SI.1.212: Update malicious code protection mechanisms when new releases are available.

DISCUSSION FROM SOURCE: DRAFT NIST SP 800-171 R2
Malicious code protection mechanisms include anti-virus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other.

CMMC CLARIFICATION
You can protect your company’s valuable IT systems by staying up to date on new security releases that stop malicious code and monitoring the system regularly. Malicious code is program code that is always changing, so it is important to always have up-to-date protections, such as anti-malware tools.

Example
You bought a new computer for your small business. You know that you need to protect your company’s information from viruses, spyware, etc. So, you also purchased and installed anti-malware software. You configure the software to automatically update to the latest antivirus code and definitions of all known malware.

Get Audit Ready

How to pass? Keep the subscription for your antivirus and firewall threat protection paid so that they stay eligible for updates. Make sure all of your computers can download the antivirus definitions by giving them regular internet access.

How to fail? Your shop computer hasn’t downloaded new antivirus updates in a year because it isn’t connected to the network. Or you didn’t renew the antivirus subscription so the computers can’t download new definitions.
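The pass and fail conditions above can be checked across every computer at once. The following is an added example, not part of the original article: it audits an exported inventory for stale definitions, lapsed subscriptions, and disabled automatic updates. The CSV column names, the sample rows, and the 7-day age threshold are assumptions; map them to whatever your anti-malware console exports and to your own policy.

```python
import csv
import io
from datetime import date

# Constructed sample inventory (not real data). Column names are assumptions.
SAMPLE_INVENTORY = """hostname,definitions_updated,subscription_expires,auto_update
front-office-pc,2024-05-30,2025-01-15,yes
shop-floor-pc,2023-05-02,2025-01-15,yes
bookkeeping-pc,2024-05-29,2024-03-01,yes
new-laptop,,2025-01-15,no
"""

MAX_DEFINITION_AGE_DAYS = 7  # assumed threshold; set this from your own policy


def audit_inventory(csv_text, today, max_age_days=MAX_DEFINITION_AGE_DAYS):
    """Return {hostname: [findings]} for hosts that would not meet SI.1.212."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        problems = []

        # Stale or missing definitions: the "hasn't updated in a year" case.
        updated = row["definitions_updated"].strip()
        if not updated:
            problems.append("no definition update recorded")
        else:
            age = (today - date.fromisoformat(updated)).days
            if age > max_age_days:
                problems.append(f"definitions {age} days old")

        # Lapsed subscription: new definitions can no longer be downloaded.
        expires = date.fromisoformat(row["subscription_expires"].strip())
        if expires < today:
            problems.append(f"subscription expired {expires.isoformat()}")

        # Updates must not depend on someone remembering to run them.
        if row["auto_update"].strip().lower() != "yes":
            problems.append("automatic updates disabled")

        if problems:
            findings[row["hostname"]] = problems
    return findings


if __name__ == "__main__":
    report = audit_inventory(SAMPLE_INVENTORY, date(2024, 6, 1))
    for host, problems in report.items():
        print(f"{host}: " + "; ".join(problems))
```

Keeping the dated output of each run gives you evidence that protections were current at the time of the check.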


Reference
• FAR Clause 52.204-21 b.1.xiv
• NIST SP 800-171 Rev 1 3.14.4
• CIS Controls v7.1 8.2
• NIST CSF v1.1 DE.CM-4
• CERT RMM v1.2 VAR:SG3.SP1
• NIST SP 800-53 Rev 4 SI-3
