800-53|SI-3a.

Title

MALICIOUS CODE PROTECTION

Description

Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
1.4 Set 'Allow hyperlinks in suspected phishing e- mail messages' to 'Disabled'	Windows	CIS MS Office Outlook 2010 v1.0.0
1.6 Set 'Apply macro security settings to macros, add- ins and additional actions' to 'Enabled'	Windows	CIS MS Office Outlook 2010 v1.0.0
1.9.8.4.3 Ensure 'Junk E-mail protection level: Select level:' is set to Enabled:High	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.9.8.4.3 Ensure 'Junk E-mail protection level: Select level:' is set to Enabled:High	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.11 Ensure anti-virus is installed and running	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.13.4.1 Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to Disabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.4.1 Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to Disabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.2 Ensure 'Apply macro security settings to macros, add-ins and additional actions' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.2 Ensure 'Apply macro security settings to macros, add-ins and additional actions' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.9 Ensure 'Prevent users from customizing attachment security settings' is set to Enabled	Windows	CIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.9 Ensure 'Prevent users from customizing attachment security settings' is set to Enabled	Windows	CIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.23 Set 'Prevent users from customizing attachment security settings' to 'Enabled'	Windows	CIS MS Office Outlook 2010 v1.0.0
2.5.10.8.4.3 Ensure 'Junk E-mail protection level' is set to 'Enabled: High'	Windows	CIS Microsoft Office Enterprise v1.1.0 L1
2.5.14.4.2 Ensure 'Apply macro security settings to macros, add-ins and additional actions' is set to 'Enabled'	Windows	CIS Microsoft Office Enterprise v1.1.0 L1
3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Attempt to clean	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Scan on download	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Scan on upload	Windows	CIS Microsoft SharePoint 2016 OS v1.1.0
6.2 Ensure a secure antivirus profile is applied to all relevant security policies	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.2 Ensure a secure antivirus profile is applied to all relevant security policies	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet	Palo_Alto	CIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the Internet	Palo_Alto	CIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.13 Set 'Junk E- mail protection level: Select level:' to 'Enabled:High'	Windows	CIS MS Office Outlook 2010 v1.0.0
18.9.77.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 v3.2.0
18.9.77.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'	Windows	CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
Allow hyperlinks in suspected phishing e-mail messages	Windows	MSCT Office 2016 v1.0.0
Allow hyperlinks in suspected phishing e-mail messages	Windows	MSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0
Allow hyperlinks in suspected phishing e-mail messages	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
Allow hyperlinks in suspected phishing e-mail messages	Windows	Microsoft 365 Apps for Enterprise 2306 v1.0.0
Allow hyperlinks in suspected phishing e-mail messages	Windows	MSCT Office 365 ProPlus 1908 v1.0.0
Configure Windows Defender SmartScreen	Windows	MSCT Windows 10 1803 v1.0.0
Configure Windows Defender SmartScreen	Windows	MSCT Windows 10 1809 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9	Windows	MSCT Windows 10 1909 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9	Windows	MSCT Windows 10 v2004 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9	Windows	MSCT Windows 10 1903 v1.19.9
Configure Windows Defender SmartScreen - EnabledV9	Windows	MSCT Windows 10 v20H2 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9	Windows	MSCT Windows 10 v21H1 v1.0.0
Fortigate - AV Grayware	FortiGate	TNS Fortigate FortiOS Best Practices v2.0.0
GEN006640 - The system must use a virus scan program.	Unix	DISA STIG AIX 6.1 v1r14
GEN006640 - The system must use and update a DoD-approved virus scan program - 'clean.dat'	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'clean.dat' - update date	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'names.dat'	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'names.dat' - update date	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'scan.dat'	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'scan.dat' - update date	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'uvscan exists in crontabs'	Unix	DISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program.	Unix	DISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN006650 - The Oracle Linux 5 operating system must use a virus scan program.	Unix	DISA STIG for Oracle Linux 5 v2r1
Junk E-mail protection level	Windows	MSCT Office 365 ProPlus 1908 v1.0.0
Junk E-mail protection level	Windows	MSCT Office 2016 v1.0.0
Junk E-mail protection level	Windows	MSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0

Detections

Analytics

800-53|SI-3a.

Title

Description

Reference Item Details

Audit Items