Reference: CMMC 2.0
Family: SI
Level Introduced: 1
Title: Malicious Code Protection
Practice:
Provide protection from malicious code at appropriate locations within organizational information systems.
CMMC Clarification:
You can protect your company's valuable IT system by stopping malicious code at designated locations in your system. Malicious code is program code that purposefully creates an unauthorized function or process that will have a negative impact on the confidentiality, integrity, or availability of an information system. A designated location may be your network device or your computer.
Malicious code includes the following, which can be hidden in email, email attachments, web access:
• viruses, programs designed to damage, steal information, change data, send email, show messages, or any combination of these things;
• spyware, a program designed to gather information about a person's activity in secret, and is usually installed without the person knowing when they click on a link; and
• a trojan horse, a type of malware made to look like legitimate/real software, and used by cyber criminals to get access to a company's systems.
By using anti-malware tools, you can stop or lessen the impact of malicious code.
Example
You are buying a new computer for your small business and want to protect your company's information from viruses, spyware, etc. You buy and install anti-malware software.
Implementation Strategies
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-171 Requirements (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.
NIST 800-53 Controls (1)
This is for registered users only. Please sign up for a free account, or Login, to see complete cross references to other standards and frameworks.