Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways, including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities.

Priority: High

Category: Vulnerability Management

Services Associated with AWS:

  1. Amazon Inspector
  2. AWS Security Hub
  3. AWS Systems Manager
  4. AWS WA
  5. Amazon GuardDuty

Objective Evidence:

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Administrative: supporting documentation of how anti-malware solutions are deployed and maintained
  • Technical: screenshot of anti-malware configuration settings

Possible Technology Considerations:

  • Secure Baseline Configurations (SBC)
  • Anti-malware Solution

What needs to be answered?

Does the company perform periodic scans of the information system for malware? Are scans performed within the timeframe specified in the policy or within the system security plan? Does the company perform real-time scans of files from external sources as the files are downloaded, opened, or executed? Does the system disinfect and quarantine infected files?

  • Periodic System Scanning Check

    Description: This check verifies that periodic scans of organizational systems are conducted to detect the presence of malicious code. It ensures that scanning tools or software are regularly used to perform comprehensive scans across the systems to identify any potential threats or vulnerabilities.

  • Real-time File Scanning Check

    Description: This check ensures that files from external sources, such as downloads, email attachments, or executed files, are scanned in real time to detect any malicious code. It verifies that scanning mechanisms are in place to automatically scan files as they are accessed or executed, providing immediate protection against potential threats.
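As an added illustration (not part of this control text, and not code from any AWS service), the layered check below shows what the Real-time File Scanning Check expects of a scanner and why the opening paragraph's point matters: a file from an external source may carry its payload uuencoded and inside a compressed archive, so a scanner that only matches the raw bytes misses it. The signature, the sample file, and the depth and size limits are constructed for this demo.

```python
import binascii
import io
import zipfile

SIGNATURES = [b"CONSTRUCTED-TEST-MARKER-NOT-REAL-MALWARE"]  # constructed, demo-only signature
MAX_DEPTH = 4               # bound on nested encoding/archive layers (assumed limit)
MAX_MEMBER_BYTES = 1 << 20  # refuse to inflate oversized archive members (assumed limit)

def scan_surface(data: bytes) -> bool:
    """Naive scan: signature match on the raw bytes only."""
    return any(sig in data for sig in SIGNATURES)

def uudecode(data: bytes):
    """Decode a uuencoded blob ('begin <mode> <name>' ... 'end'); None if not uuencoded."""
    lines = data.splitlines()
    if not lines or not lines[0].startswith(b"begin "):
        return None
    out = bytearray()
    for line in lines[1:]:
        if line.strip() == b"end":
            break
        try:
            out += binascii.a2b_uu(line) if line.strip() else b""
        except binascii.Error:
            return None
    return bytes(out)

def unzip(data: bytes):
    """Extract zip members in memory, skipping directories and oversized entries; None if not a zip."""
    if not data.startswith(b"PK\x03\x04"):
        return None
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [zf.read(i) for i in zf.infolist() if not i.is_dir() and i.file_size <= MAX_MEMBER_BYTES]

def scan(data: bytes, depth: int = 0) -> bool:
    """Layered scan: match raw bytes, then recurse into uuencoded and zipped content."""
    if scan_surface(data):
        return True
    if depth >= MAX_DEPTH:
        return False
    decoded = uudecode(data)
    if decoded is not None:
        return scan(decoded, depth + 1)
    members = unzip(data)
    return members is not None and any(scan(m, depth + 1) for m in members)

def build_sample() -> bytes:
    """Constructed 'external' file: the marker inside a deflated zip, then uuencoded."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.txt", b"hello " + SIGNATURES[0] + b" world")
    zipped = buf.getvalue()
    body = b"".join(binascii.b2a_uu(zipped[i:i + 45]) for i in range(0, len(zipped), 45))
    return b"begin 644 payload.zip\n" + body + b"`\nend\n"
```

Running `scan(build_sample())` returns True while `scan_surface(build_sample())` returns False, which is the gap a real-time scanner must close before it disinfects or quarantines.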

More Details:

Periodic scans are performed on all systems within an organization.