Level 2


Description:

Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities.


Priority: High


Domain: SYSTEM AND INFORMATION INTEGRITY (SI)


Category: Vulnerability Management


Services Associated with AWS:

  1. Amazon Inspector
  2. AWS Security Hub
  3. AWS Systems Manager
  4. AWS WA
  5. Amazon GuardDuty


Services Associated with Azure:

  1. Azure Monitor
  2. Azure Sentinel
  3. Azure Defender
  4. Azure Security Center


Objective Evidence:
  

  • Administrative: documented policies, standards & procedures
  • Administrative: supporting documentation to demonstrate the "secure practices" used to build technology platform-specific secure baseline configurations
  • Administrative: supporting documentation of how anti-malware solutions are deployed and maintained
  • Technical: screen shot of anti-malware configuration settings


Possible Technology Considerations:

  • Secure Baseline Configurations (SBC)
  • Antimalware Solution


What needs to be answered?

Does the company perform periodic scans of the information system for malware? Are scans performed within the timeframe specified in the policy or within the system security plan? Does the company perform real-time scans of files from external sources as the files are downloaded, opened, or executed? Does the system disinfect and quarantine infected files?

Checks for AWS:

  • Periodic System Scanning Check

    Description: This check verifies that periodic scans of organizational systems are conducted to detect the presence of malicious code. It ensures that scanning tools or software are regularly used to perform comprehensive scans across the systems to identify any potential threats or vulnerabilities.

  • Real-time File Scanning Check

    Description: This check ensures that files from external sources, such as downloads, email attachments, or executed files, are scanned in real-time to detect any malicious code. It verifies that scanning mechanisms are in place to automatically scan files as they are accessed or executed, providing immediate protection against potential threats.


Checks for Azure:


  • Periodic System Scanning Check:
    Description: This check verifies that periodic scans of organizational systems are conducted within the specified timeframe to detect the presence of malicious code. It ensures that scanning tools or software are regularly used to perform comprehensive scans across the systems, helping identify any potential threats or vulnerabilities.
  • Real-time File Scanning Check:
    Description: This check ensures that files from external sources, such as downloads, email attachments, or executed files, are scanned in real-time to detect any malicious code. It verifies that scanning mechanisms are in place to automatically scan files as they are accessed or executed, providing immediate protection against potential threats.
  • Secure Baseline Configurations (SBC) Check:
    Description: This check ensures that secure baseline configurations (SBC) are implemented on Azure resources. SBC defines a set of security settings and configurations that should be applied to systems and services to establish a secure starting point. It helps protect against common vulnerabilities and ensures consistent security across Azure resources.
  • Anti-Malware Solution Check:
    Description: This check verifies that an anti-malware solution is deployed and maintained in the Azure environment. It ensures that there is a documented strategy for deploying and managing anti-malware solutions to detect, prevent, and mitigate malware infections. This includes configuration settings, update schedules, and regular monitoring to ensure the solution is effective in protecting against malware threats.



More Details:

Periodic scans are performed on all systems within an organization.