CMMC Practice Requirement:

Update malicious code protection mechanisms when new releases are available.

CMMC Requirement Explanation:

In general, anti-malware software compares a file against a signature database to decide if the file is malicious. For anti-malware software to be effective the signature database must remain updated. If the signature database is outdated then it can not detect new malware.

Example CMMC Implementation:

Configure your anti-malware software to update its malware signature database. The updates should be periodic (e.g. every day at 8:00 AM) and automatic.

Scenario(s):

- Scenario 1:

Alice set up the anti-malware software on her computers to update their signature databases hourly.
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance