The third Practice within the System and Information Security, also falling under the Capability, C041, Identify Malicious Content, is SI.1.212 – Update Malicious Code Protection Mechanisms When New Releases are Available. This Practice focuses on ensuring you protect your IT system with new security releases and monitoring your system regularly. You can find the Practice in the CMMC Appendix B on page B-240 (Page 280 of the PDF). Here is the content from Appendix B:
Discussion from Source: NIST SP 800-171, R2:
Malicious code protection mechanisms include antivirus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code in addition to commercial off-the-shelf software. Malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than intended.
CMMC Clarification:
You can protect your company’s valuable IT systems by staying up to date on new security releases that stop malicious code and monitoring the system regularly. Malicious code is program code that is always changing, so it is important to always have up-to-date protections, such as anti-malware tools.
Example
You bought a new computer for your small business. You know that you need to protect your companies information from viruses, spyware, etc. So, you also purchased and installed anti-malware software. You configure the software to automatically update to the latest antivirus code and definitions of all known malware.
In our next entry, we explore the final Practice within CMMC Level 1, SI.1.213 – Perform periodic scans of information systems and real-time scans of files from external sources as files are downloaded, opened or executed.
Until next time…
Mark Lupo, MBCP, SMP