800-53|SI-3(10)

Title

MALICIOUS CODE ANALYSIS

Description

The organization:

Supplemental

The application of selected malicious code analysis tools and techniques provides organizations with a more in-depth understanding of adversary tradecraft (i.e., tactics, techniques, and procedures) and the functionality and purpose of specific instances of malicious code. Understanding the characteristics of malicious code facilitates more effective organizational responses to current and future threats. Organizations can conduct malicious code analyses by using reverse engineering techniques or by monitoring the behavior of executing code.

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Parent Title: MALICIOUS CODE PROTECTION

Family: SYSTEM AND INFORMATION INTEGRITY

Audit Items

| Name | Plugin | Audit Name |
| --- | --- | --- |
| 8.4.2 Control VMsafe Agent Address | VMware | CIS VMware ESXi 5.5 v1.2.0 Level 1 |
| 8.4.2 Control VMsafe Agent Address | VMware | CIS VMware ESXi 5.1 v1.0.1 Level 1 |
| 8.4.2 Ensure VMsafe Agent Address is configured correctly | VMware | CIS VMware ESXi 6.7 v1.1.0 Level 1 |
| 8.4.3 Control VMsafe Agent Port | VMware | CIS VMware ESXi 5.5 v1.2.0 Level 1 |
| 8.4.3 Control VMsafe Agent Port | VMware | CIS VMware ESXi 5.1 v1.0.1 Level 1 |
| 8.4.3 Ensure VMsafe Agent Port is configured correctly | VMware | CIS VMware ESXi 6.7 v1.1.0 Level 1 |
| 8.4.4 Control VMsafe Agent Configuration | VMware | CIS VMware ESXi 5.1 v1.0.1 Level 1 |
| 8.4.4 Control VMsafe Agent Configuration | VMware | CIS VMware ESXi 5.5 v1.2.0 Level 1 |
| 8.4.4 Ensure VMsafe Agent is configured correctly | VMware | CIS VMware ESXi 6.7 v1.1.0 Level 1 |
| CNTR-K8-002720 - Kubernetes must contain the latest updates as authorized by IAVMs, CTOs, DTMs, and STIGs. | Unix | DISA STIG Kubernetes v2r1 |
| Send file samples when further analysis is required | Windows | MSCT MSCT Windows Server 2022 DC v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server v20H2 MS v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server v1909 MS v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 2016 MS v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v1709 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v20H2 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v21H1 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v22H2 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 2016 DC v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 1903 MS v1.19.9 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server v1909 DC v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server v2004 DC v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v21H2 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 11 v22H2 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 1607 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v1703 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 2019 DC v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server v20H2 DC v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 11 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 1809 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 1903 v1.19.9 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 1909 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows 10 v2004 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 1903 DC v1.19.9 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 2019 MS v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server 2022 v1.0.0 |
| Send file samples when further analysis is required | Windows | MSCT Windows Server v2004 MS v1.0.0 |
| Send file samples when further analysis is required - SubmitSamplesConsent | Windows | MSCT Windows 10 1803 v1.0.0 |
| VM : verify-vmsafe-cpumem-agentaddress | VMware | VMWare vSphere 5.X Hardening Guide |
| VM : verify-vmsafe-cpumem-agentport | VMware | VMWare vSphere 5.X Hardening Guide |
| VM : verify-vmsafe-cpumem-enable | VMware | VMWare vSphere 5.X Hardening Guide |
| WNDF-AV-000011 - Windows Defender AV must be configured to only send safe samples for MAPS telemetry. | Windows | DISA STIG Windows Defender Antivirus v2r3 |
| WNDF-AV-000011 - Windows Defender AV must be configured to only send safe samples for MAPS telemetry. | Windows | DISA STIG Windows Defender Antivirus v1r9 |
| WNDF-AV-000011 - Windows Defender AV must be configured to only send safe samples for MAPS telemetry. | Windows | DISA STIG Windows Defender Antivirus v2r2 |