800-53|SI-3a.

Title

MALICIOUS CODE PROTECTION

Description

Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code;

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.4 Set 'Allow hyperlinks in suspected phishing e- mail messages' to 'Disabled'WindowsCIS MS Office Outlook 2010 v1.0.0
1.6 Set 'Apply macro security settings to macros, add- ins and additional actions' to 'Enabled'WindowsCIS MS Office Outlook 2010 v1.0.0
1.9.8.4.3 Ensure 'Junk E-mail protection level: Select level:' is set to Enabled:HighWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.9.8.4.3 Ensure 'Junk E-mail protection level: Select level:' is set to Enabled:HighWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.11 Ensure anti-virus is installed and runningUnixCIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.13.4.1 Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to DisabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.4.1 Ensure 'Allow hyperlinks in suspected phishing e-mail messages' is set to DisabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.2 Ensure 'Apply macro security settings to macros, add-ins and additional actions' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.13.4.2 Ensure 'Apply macro security settings to macros, add-ins and additional actions' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.9 Ensure 'Prevent users from customizing attachment security settings' is set to EnabledWindowsCIS Microsoft Office Outlook 2016 v1.1.0 Level 1
1.13.9 Ensure 'Prevent users from customizing attachment security settings' is set to EnabledWindowsCIS Microsoft Office Outlook 2013 v1.1.0 Level 1
1.23 Set 'Prevent users from customizing attachment security settings' to 'Enabled'WindowsCIS MS Office Outlook 2010 v1.0.0
2.5.10.8.4.3 Ensure 'Junk E-mail protection level' is set to 'Enabled: High'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Attempt to cleanWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Scan on downloadWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
3.5 Ensure that SharePoint specific malware (i.e. anti-virus) protection software is integrated and configured - Scan on uploadWindowsCIS Microsoft SharePoint 2016 OS v1.1.0
6.2 Ensure a secure antivirus profile is applied to all relevant security policiesPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.2 Ensure a secure antivirus profile is applied to all relevant security policiesPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the InternetPalo_AltoCIS Palo Alto Firewall 6 Benchmark L1 v1.0.0
6.6 Ensure a secure anti-spyware profile is applied to all security policies permitting traffic to the InternetPalo_AltoCIS Palo Alto Firewall 7 Benchmark L1 v1.0.0
6.13 Set 'Junk E- mail protection level: Select level:' to 'Enabled:High'WindowsCIS MS Office Outlook 2010 v1.0.0
18.9.77.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0
18.9.77.14 Ensure 'Turn off Windows Defender AntiVirus' is set to 'Disabled'WindowsCIS Windows 7 Workstation Level 1 v3.2.0
Allow hyperlinks in suspected phishing e-mail messagesWindowsMSCT M365 Apps for enterprise 2312 v1.0.0
Allow hyperlinks in suspected phishing e-mail messagesWindowsMicrosoft 365 Apps for Enterprise 2306 v1.0.0
Allow hyperlinks in suspected phishing e-mail messagesWindowsMSCT Office 2016 v1.0.0
Allow hyperlinks in suspected phishing e-mail messagesWindowsMSCT Office 365 ProPlus 1908 v1.0.0
Allow hyperlinks in suspected phishing e-mail messagesWindowsMSCT Microsoft 365 Apps for Enterprise 2112 v1.0.0
Allow hyperlinks in suspected phishing e-mail messagesWindowsMSCT Microsoft 365 Apps for Enterprise 2206 v1.0.0
Configure Windows Defender SmartScreenWindowsMSCT Windows 10 1803 v1.0.0
Configure Windows Defender SmartScreenWindowsMSCT Windows 10 1809 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9WindowsMSCT Windows 10 1909 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9WindowsMSCT Windows 10 v21H1 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9WindowsMSCT Windows 10 1903 v1.19.9
Configure Windows Defender SmartScreen - EnabledV9WindowsMSCT Windows 10 v20H2 v1.0.0
Configure Windows Defender SmartScreen - EnabledV9WindowsMSCT Windows 10 v2004 v1.0.0
EX19-MB-000146 Exchange antimalware agent must be enabled and configured.WindowsDISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
EX19-MB-000197 Exchange software must be monitored for unauthorized changes.WindowsDISA Microsoft Exchange 2019 Mailbox Server STIG v2r1
Fortigate - AV GraywareFortiGateTNS Fortigate FortiOS Best Practices v2.0.0
GEN006640 - The system must use a virus scan program.UnixDISA STIG AIX 6.1 v1r14
GEN006640 - The system must use and update a DoD-approved virus scan program - 'clean.dat'UnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'clean.dat' - update dateUnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'names.dat'UnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'names.dat' - update dateUnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'scan.dat'UnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'scan.dat' - update dateUnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program - 'uvscan exists in crontabs'UnixDISA STIG AIX 5.3 v1r2
GEN006640 - The system must use and update a DoD-approved virus scan program.UnixDISA STIG for Red Hat Enterprise Linux 5 v1r18 Audit
GEN006650 - The Oracle Linux 5 operating system must use a virus scan program.UnixDISA STIG for Oracle Linux 5 v2r1
Junk E-mail protection levelWindowsMSCT Office 365 ProPlus 1908 v1.0.0