CMMC Practice Requirement:

Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

CMMC Requirement Explanation:

Attackers may attempt to install malware on your systems. Once doing so, they can control your systems and access the data stored on them. Anti-malware software help prevents the installation of malware. It can also remove existing malware from a system.

Example CMMC Implementation:

Install anti-malware (aka Anti-Virus) software on your workstations and servers. Configure your anti-malware software to scan files from the internet. This includes when they are downloaded, opened, or executed. Configure your anti-malware software to periodically scan your systems. For example, a full system scan once a week every Friday at 5:00 PM.

Scenario(s):

- Scenario 1:

Example:

Alice wants to prevent malware from being installed on her company's computers. To achieve this she purchases an enterprise anti-malware solution. She installs the anti-malware software onto all her workstations and servers. Alice configures and deploys an anti-malware policy to her systems. The policy tells the anti-malware software to scan files downloaded from the internet. It also scans files before they are opened or executed. Alice's policy also tells the software to run a full system scan weekly every Friday at 5:00 PM.
An anti-malware program with a periodic weekly scan
An anti-malware program with a periodic weekly scan
 

Discover Our NIST SP 800-171 Solutions:

 /assets/images/compliance_accelerator_white.png

Compliance Accelerator

For contractors seeking compliance
 /assets/images/quantum_assessor_white.png

Quantum Assessor

For IT service providers
 /assets/images/supply_chain_logo_white.png

Supply Chain Verifier

For contractors seeking to verify partner compliance