Designated locations include system entry and exit points which may include firewalls, remote-access servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. Malicious code protection mechanisms include anti-virus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. [SP 800-83] provides guidance on malware incident prevention.

Priority: High

Category: Vulnerability Management

Services Associated with AWS:

  1. AWS WAF
  2. AWS Firewall Manager
  3. Amazon GuardDuty
  4. AWS Config
  5. AWS Systems Manager
  6. Amazon Inspector

Objective Evidence:

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Administrative: supporting documentation of how anti-malware solutions are deployed and maintained
  • Technical: screen shot of anti-malware configuration settings

Possible Technology Considerations:

  • Secure Baseline Configurations (SBC)
  • Network / Host Firewall
  • Network / Host Intrusion Prevention System (NIPS / HIPS)
  • Antimalware Solution

What needs to be answered?

Does the company employ malicious code protection mechanisms at system entry and exit points to minimize the presence of malicious code? System entry and exit points may include firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, notebook computers, and mobile devices. Does the system automatically update malicious code protection mechanisms?

  • Malicious Code Protection at Entry and Exit Points Check
    Description: This check ensures that designated locations within organizational systems, such as firewalls, remote-access servers, workstations, email servers, web servers, and mobile devices, are protected from malicious code. It verifies that anti-virus signature definitions and reputation-based technologies are in place to detect and prevent the execution of malicious code at these entry and exit points.
  • Comprehensive Malicious Code Protection Check
    Description: This check verifies that comprehensive protection mechanisms are implemented to defend against malicious code across the entire system. It ensures that pervasive configuration management and software integrity controls are in place to prevent the execution of unauthorized code. It also verifies that secure coding practices, trusted procurement processes, and monitoring practices are employed to mitigate the risks associated with custom-built software.

More Details:

Malicious code protection is in place for all CUI-containing systems.