CMMC Practice Requirement:

Update malicious code protection mechanisms when new releases are available.

CMMC Requirement Explanation:

In general, anti-malware software compares a file against a signature database to decide if the file is malicious. For anti-malware software to be effective the signature database must remain updated. If the signature database is outdated then it can not detect new malware.

Example CMMC Implementation:

Configure your anti-malware software to update its malware signature database. The updates should be periodic (e.g. every day at 8:00 AM) and automatic.


- Scenario 1:

Alice set up the anti-malware software on her computers to update their signature databases hourly.

Discover Our NIST SP 800-171 Solutions:


Compliance Accelerator

For contractors seeking compliance

Quantum Assessor

For IT service providers

Supply Chain Verifier

For contractors seeking to verify partner compliance