N
|
controlSI-3

Malicious Code Protection (SI-3)

Implement [organization-defined] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures; Configure malicious code protection mechanisms to: Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availabi

Security Baselines

LOWMODERATEHIGH
integritymalwareflaw-remediationmonitoring

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports53

These related controls work together — a change to one may affect the others.

Mitigates18

This control helps defend against or reduce the risk of the linked threat technique.

Enhances10

These enhancements add specific capabilities or refinements to the base control.

Related Controls(32)

AC-19Access Control for Mobile Devices (AC-19)
LMH
AU-2Event Logging (AU-2)
LMH
AU-6Audit Record Review, Analysis, and Reporting (AU-6)
LMH
AU-12Audit Record Generation (AU-12)
LMH
CA-2Control Assessments (CA-2)
LMH
CA-7Continuous Monitoring (CA-7)
LMH
CM-3Configuration Change Control (CM-3)
MH
IR-4Incident Handling (IR-4)
LMH
IR-5Incident Monitoring (IR-5)
LMH
PM-31Continuous Monitoring Strategy (PM-31)RA-5Vulnerability Monitoring and Scanning (RA-5)
LMH
SA-24Design For Cyber Resiliency (SA-24)SC-12Cryptographic Key Establishment and Management (SC-12)
LMH
SC-13Cryptographic Protection (SC-13)
LMH
SC-18Mobile Code (SC-18)
MH
SC-26Decoys (SC-26)SC-28Protection of Information at Rest (SC-28)
MH
SC-35External Malicious Code Identification (SC-35)SC-37Out-of-band Channels (SC-37)SC-44Detonation Chambers (SC-44)SI-2Flaw Remediation (SI-2)
LMH
AC-4Information Flow Enforcement (AC-4)
MH
CM-8System Component Inventory (CM-8)
LMH
MA-3Maintenance Tools (MA-3)
MH
MA-4Nonlocal Maintenance (MA-4)
LMH
PL-9Central Management (PL-9)SC-7Boundary Protection (SC-7)
LMH
SC-23Session Authenticity (SC-23)
MH
SI-4System Monitoring (SI-4)
LMH
SI-7Software, Firmware, and Information Integrity (SI-7)
MH
SI-8Spam Protection (SI-8)
MH
SI-15Information Output Filtering (SI-15)

Threat Coverage(18 ATT&CK techniques)

T1566PhishingT1190Exploit Public-Facing ApplicationT1059Command and Scripting InterpreterT1203Exploitation for Client ExecutionT1204User ExecutionT1068Exploitation for Privilege EscalationT1027Obfuscated Files or InformationT1562Impair DefensesT1036MasqueradingT1570Lateral Tool TransferT1560Archive Collected DataT1071Application Layer ProtocolT1105Ingress Tool TransferT1041Exfiltration Over C2 ChannelT1048Exfiltration Over Alternative ProtocolT1486Data Encrypted for ImpactT1485Data DestructionT1598Phishing for Information

Control Enhancements(10)

SI-3(1)Central Management (SI-3(1))W
SI-3(2)Automatic Updates (SI-3(2))W
SI-3(3)Non-privileged Users (SI-3(3))W
SI-3(4)Updates Only by Privileged Users (SI-3(4))
SI-3(5)Portable Storage Devices (SI-3(5))W
SI-3(6)Testing and Verification (SI-3(6))
SI-3(7)Nonsignature-based Detection (SI-3(7))W
SI-3(8)Detect Unauthorized Commands (SI-3(8))
SI-3(9)Authenticate Remote Commands (SI-3(9))W
SI-3(10)Malicious Code Analysis (SI-3(10))

See Also

@SP 800-53 OverviewCompare Baselines