800-53|SI-3c.1.

Title

MALICIOUS CODE PROTECTION

Description

Perform periodic scans of the information system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more); endpoint; network entry/exit points] as the files are downloaded, opened, or executed in accordance with organizational security policy; and

Reference Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

Family: SYSTEM AND INFORMATION INTEGRITY

Baseline Impact: LOW,MODERATE,HIGH

Audit Items

View all Reference Audit Items

NamePluginAudit Name
1.2 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'WindowsCIS IE 9 v1.0.0
1.3 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'WindowsCIS IE 10 v1.1.0
1.3 Set 'Prevent Bypassing SmartScreen Filter Warnings' to 'Enabled'WindowsCIS IE 11 v1.0.0
1.4.7.5 Ensure' Scan Encrypted Macros in Excel Open XML Workbooks' is set to Enable (Scan encrypted macros (default))WindowsCIS Microsoft Office Excel 2016 v1.0.1
1.4.7.5 Ensure' Scan Encrypted Macros in Excel Open XML Workbooks' is set to Enable (Scan encrypted macros (default))WindowsCIS Microsoft Office Excel 2013 v1.0.1
1.6.6.4 Ensure 'Scan Encrypted Macros in PowerPoint Open XML Presentations' is set to Enabled (Scan Encrypted Macros)WindowsCIS Microsoft Office PowerPoint 2013 v1.0.1
1.6.6.4 Ensure 'Scan Encrypted Macros in PowerPoint Open XML Presentations' is set to Enabled (Scan Encrypted Macros)WindowsCIS Microsoft Office PowerPoint 2016 v1.0.1
1.8.7.2.4 Ensure 'Scan Encrypted Macros in Word Open XML Documents' to EnabledWindowsCIS Microsoft Office Word 2013 v1.1.0
1.8.7.2.4 Ensure 'Scan Encrypted Macros in Word Open XML Documents' to EnabledWindowsCIS Microsoft Office Word 2016 v1.1.0
2.3.27.19 Ensure 'Suppress hyperlink warnings' is set to 'Disabled'WindowsCIS Microsoft Office Enterprise v1.2.0 L1
2.25.4 Ensure 'Suppress Hyperlink Warnings' is set to DisabledWindowsCIS Microsoft Office 2016 v1.1.0
4.3 Set OCSP Use PolicyWindowsCIS Mozilla Firefox 102 ESR Windows L2 v1.0.0
4.3 Set OCSP Use PolicyUnixCIS Mozilla Firefox 102 ESR Linux L2 v1.0.0
4.4 Set OCSP Use PolicyUnixCIS Mozilla Firefox 38 ESR Linux L2 v1.0.0
4.4 Set OCSP Use PolicyWindowsCIS Mozilla Firefox 38 ESR Windows L2 v1.0.0
5.1.23 Set 'Suppress hyperlink warnings' to 'Disabled'WindowsCIS MS Office Outlook 2010 v1.0.0
8.1 Enable Virus Scanning for DownloadsUnixCIS Mozilla Firefox 38 ESR Linux L1 v1.0.0
8.3.25 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.3.25 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.3.30 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.4.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.4.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.4.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.5.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.6.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.7.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.8.1 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 9 v1.0.0
8.8.3 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.8.3 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.9.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.9.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
8.10.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 11 v1.0.0
8.10.2 Set 'Use SmartScreen Filter' to 'Enabled:Enable'WindowsCIS IE 10 v1.1.0
Configure monitoring for incoming and outgoing file and program activityWindowsMSCT Windows 11 v24H2 v1.0.0
Configure monitoring for incoming and outgoing file and program activityWindowsMSCT Windows 11 v23H2 v1.0.0
DTAM001 - McAfee VirusScan On-Access General Policies must be configured to enable on-access scanning at system startup.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM001 - McAfee VirusScan On-Access Scanner General Settings must be configured to enable on-access scanning at system startup.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM002 - McAfee VirusScan On-Access General Policies must be configured to scan boot sectors.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM002 - McAfee VirusScan On-Access Scanner General Settings must be configured to scan boot sectors.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM003 - McAfee VirusScan On-Access General Policies must be configured to scan floppy during shutdown.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM003 - McAfee VirusScan On-Access Scanner General Settings must be configured to scan floppy during shutdown.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM005 - McAfee VirusScan On-Access General Policies must be configured to prevent users from removing messages from the list.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM005 - McAfee VirusScan On-Access Scanner General Settings must be configured to prevent users from removing messages from the list.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM009 - McAfee VirusScan On-Access General Policies must be configured to log the scan sessions.WindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1
DTAM009 - McAfee VirusScan On-Access Scanner General Settings must be configured to log the scan sessions.WindowsDISA McAfee VirusScan 8.8 Local Client STIG v6r1
DTAM010 - McAfee VirusScan On-Access General Policies log file size must be restricted and be configured to at least 10MB - bLimitSizeWindowsDISA McAfee VirusScan 8.8 Managed Client STIG v6r1