
How to Meet Requirements 3.6.3 and IR.3.099: Test the organizational incident response capability.

By: Omer Kaan Aslim
November 02, 2021
Learn how to “Test the organizational incident response capability” to meet NIST SP 800-171 3.6.3 and CMMC IR.3.099 requirements.

How to Test your incident response capability

Malicious code is software or firmware intended to perform an unauthorized process that will have an adverse impact on the confidentiality, integrity, or availability of an information system.
Anti-malware software is used to protect a system, such as a laptop or server, from malicious code. Anti-malware software vendors include Malwarebytes, Defender, and Norton.

What are the NIST SP 800-171 & CMMC Malicious Code Protection Requirements?

Malicious Code Protection
NIST SP 800-171 3.14.2 & CMMC SI.1.211: "Provide protection from malicious code at appropriate locations within organizational information systems."
To meet this requirement, you need to install anti-malware software on your laptops, desktops, and servers. If you provide your employees with smartphones or tablets, you should install anti-malware software on those devices as well. You should also configure your email gateway to block emails containing malware.
NIST SP 800-171 3.14.4 & CMMC - SI.1.212: "Update malicious code protection mechanisms when new releases are available."
To meet this requirement, you need to configure your anti-malware solution to update its signature database when a new release is available. Some solutions receive signature database updates automatically; others may be configured to check for them periodically (e.g., hourly or daily).
NIST SP 800-171 3.14.5 & CMMC SI.1.213: "Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed."
To meet this requirement, you need to configure your anti-malware solution to perform periodic scans of your systems. This can take the form of a daily quick scan combined with a weekly full scan; it is up to you to set the frequency. You also need to configure your anti-malware solution to perform real-time scans. According to the anti-malware software vendor McAfee, “Real-time scanning checks files for viruses each time you or your PC accesses them.” Most anti-malware solutions have this capability; you need to ensure that it is activated.
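
The following PowerShell check is an added example, not part of the original article. It evaluates a Microsoft Defender status object (the output of `Get-MpComputerStatus`) against the three requirements above. The function name `Test-MalwareProtection`, the age thresholds (taken from the daily quick scan and weekly full scan suggested above), and the sample object are assumptions made for illustration.

```powershell
# Added example: map Microsoft Defender status fields to 3.14.2, 3.14.4 and 3.14.5.
# Test-MalwareProtection is a hypothetical helper; thresholds are assumptions you should tune.
function Test-MalwareProtection {
    param(
        [Parameter(Mandatory)] $Status,     # Get-MpComputerStatus output, or an object of the same shape
        [int] $MaxSignatureAgeDays = 1,     # signatures refreshed at least daily
        [int] $MaxQuickScanAgeDays = 1,     # daily quick scan
        [int] $MaxFullScanAgeDays  = 7      # weekly full scan
    )
    $checks = [ordered]@{
        '3.14.2 antivirus engine enabled'        = [bool]$Status.AntivirusEnabled
        '3.14.4 signature database current'      = $Status.AntivirusSignatureAge -le $MaxSignatureAgeDays
        '3.14.5 periodic quick scan ran'         = $Status.QuickScanAge -le $MaxQuickScanAgeDays
        '3.14.5 periodic full scan ran'          = $Status.FullScanAge -le $MaxFullScanAgeDays
        '3.14.5 real-time protection on'         = [bool]$Status.RealTimeProtectionEnabled
        '3.14.5 downloaded files scanned (IOAV)' = [bool]$Status.IoavProtectionEnabled
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Pass = $checks[$name] }
    }
}

# Constructed sample: a host with protection enabled but no full scan on record.
# Defender reports the maximum UInt32 value as the scan age when a scan has never
# completed, so the age comparison fails without any special-casing.
$sample = [pscustomobject]@{
    AntivirusEnabled          = $true
    AntivirusSignatureAge     = [uint32]0
    QuickScanAge              = [uint32]0
    FullScanAge               = [uint32]::MaxValue
    RealTimeProtectionEnabled = $true
    IoavProtectionEnabled     = $true
}

$results = Test-MalwareProtection -Status $sample
$results | Format-Table -AutoSize

# Failing rows are the items to fix, and the table can be kept as evidence.
$failed = @($results | Where-Object { -not $_.Pass })
"{0} of {1} checks failed" -f $failed.Count, @($results).Count

# On a live Windows host, replace the sample with the real status:
#   Test-MalwareProtection -Status (Get-MpComputerStatus)
```

For the constructed sample, every check passes except the periodic full scan, which is the gap a scheduled weekly full scan would close.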
 
 
 
