800-53|SI-3c.1.

Title

MALICIOUS CODE PROTECTION

Description

Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'WindowsCIS IE 9 v1.0.0
1.3 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'WindowsCIS IE 11 v1.0.0
1.3 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'WindowsCIS IE 10 v1.1.0
1.4.7.5 Ensure' Scan Encrypted Macros in Excel Open XML Workbooks' is set to Enable (Scan encrypted macros (default))WindowsCIS Microsoft Office Excel 2016 v1.0.1
1.4.7.5 Ensure' Scan Encrypted Macros in Excel Open XML Workbooks' is set to Enable (Scan encrypted macros (default))WindowsCIS Microsoft Office Excel 2013 v1.0.1
1.6.6.4 Ensure 'Scan Encrypted Macros in PowerPoint Open XML Presentations' is set to Enabled (Scan Encrypted Macros)WindowsCIS Microsoft Office PowerPoint 2013 v1.0.1
1.6.6.4 Ensure 'Scan Encrypted Macros in PowerPoint Open XML Presentations' is set to Enabled (Scan Encrypted Macros)WindowsCIS Microsoft Office PowerPoint 2016 v1.0.1
1.8.7.2.4 Ensure 'Scan Encrypted Macros in Word Open XML Documents' to EnabledWindowsCIS Microsoft Office Word 2013 v1.1.0
1.8.7.2.4 Ensure 'Scan Encrypted Macros in Word Open XML Documents' to EnabledWindowsCIS Microsoft Office Word 2016 v1.1.0
2.3.27.19 Ensure 'Suppress hyperlink warnings' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.1.0 L1
2.25.4 Ensure 'Suppress Hyperlink Warnings' is set to DisabledWindowsCIS Microsoft Office 2016 v1.1.0
4.3 Set OCSP Use PolicyWindowsCIS Mozilla Firefox 102 ESR Windows L2 v1.0.0
4.3 Set OCSP Use PolicyUnixCIS Mozilla Firefox 102 ESR Linux L2 v1.0.0
4.4 Set OCSP Use PolicyWindowsCIS Mozilla Firefox 38 ESR Windows L2 v1.0.0
4.4 Set OCSP Use PolicyUnixCIS Mozilla Firefox 38 ESR Linux L2 v1.0.0
5.1.23 Set 'Suppress hyperlink warnings' to 'Disabled'WindowsCIS MS Office Outlook 2010 v1.0.0
8.1 Enable Virus Scanning for DownloadsUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
8.3.25 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.3.25 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.3.30 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.4.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.4.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.4.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.5.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.8.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.8.3 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.8.3 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.9.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.9.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.10.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.10.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
18.9.47.9.1 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.4.0
18.9.47.9.1 Ensure 'Scan all downloaded files and attachments' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v2.4.0
18.9.47.9.2 Ensure 'Turn off real-time protection' is set to 'Disabled'WindowsCIS Windows Server 2012 MS L1 v2.4.0
18.9.47.9.2 Ensure 'Turn off real-time protection' is set to 'Disabled'WindowsCIS Windows Server 2012 DC L1 v2.4.0
18.9.47.9.4 Ensure 'Turn on script scanning' is set to 'Enabled'WindowsCIS Windows Server 2012 MS L1 v2.4.0
18.9.47.9.4 Ensure 'Turn on script scanning' is set to 'Enabled'WindowsCIS Windows Server 2012 DC L1 v2.4.0
Configure monitoring for incoming and outgoing file and program activityWindowsMSCT Windows 11 v23H2 v1.0.0
DTAM001 - McAfee VirusScan On-Access General Policies must be configured to enable on-access scanning at system startup.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM001 - McAfee VirusScan On-Access Scanner General Settings must be configured to enable on-access scanning at system startup.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM002 - McAfee VirusScan On-Access General Policies must be configured to scan boot sectors.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM002 - McAfee VirusScan On-Access Scanner General Settings must be configured to scan boot sectors.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM003 - McAfee VirusScan On-Access General Policies must be configured to scan floppy during shutdown.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM003 - McAfee VirusScan On-Access Scanner General Settings must be configured to scan floppy during shutdown.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1