Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems. 

Priority: Medium

Category: Maintenance 

Services Associated with AWS:   


Objective Evidence:   

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate how IT Asset Management (ITAM) is implemented
  • Administrative: supporting documentation to demonstrate change management practices reviewed/approved the maintenance request(s)
  • Administrative: supporting documentation of a Vulnerability & Patch Management Program (VPMP) that addresses preventative maintenance operations, including anti-malware and vulnerability scanning
  • Administrative: supporting documentation of role-based security training being performed
  • Administrative: supporting documentation of professional competence by individual(s) performing maintenance roles
  • Technical: screenshot of Configuration Management Database (CMDB) ticket 

Possible Technology Considerations:

  • Antimalware Solution 

What needs to be answered:

Are media that are provided by authorized maintenance personnel for troubleshooting, diagnostics, or other maintenance run through an anti-virus/anti-malware/anti-spyware program prior to use in the company’s information system? Are the results of the scans documented in the maintenance logs? 

  • Inspection of Media for Diagnostic and Test Programs
    Description: This check ensures that organizations have established procedures to inspect media containing maintenance diagnostic and test programs for malicious code before using them in organizational systems. The purpose of this check is to prevent the introduction of malicious code into systems through the use of maintenance media.

More Details:   

All media are scanned by diagnostic and anti-virus tools to ensure safety prior to execution.