compliance controls are associated with this Policy definition 'Microsoft IaaSAntimalware extension should be deployed on Windows servers' (9b597639-28e4-48eb-b506-56b05d366257)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| AU_ISM |
1288 |
AU_ISM_1288 |
AU ISM 1288 |
Guidelines for Gateways - Content filtering |
Antivirus scanning - 1288 |
|
n/a |
Antivirus scanning, using multiple different scanning engines, is performed on all content. |
link |
3 |
| AU_ISM |
1417 |
AU_ISM_1417 |
AU ISM 1417 |
Guidelines for System Hardening - Operating system hardening |
Antivirus software - 1417 |
|
n/a |
Antivirus software is implemented on workstations and servers and configured with:
• signature-based detection enabled and set to a high level
• heuristic-based detection enabled and set to a high level
• detection signatures checked for currency and updated on at least a daily basis
• automatic and regular scanning configured for all fixed disks and removable media. |
link |
3 |
| CMMC_2.0_L2 |
SI.L1-3.14.2 |
CMMC_2.0_L2_SI.L1-3.14.2 |
404 not found |
|
|
|
n/a |
n/a |
|
14 |
| CMMC_2.0_L2 |
SI.L1-3.14.4 |
CMMC_2.0_L2_SI.L1-3.14.4 |
404 not found |
|
|
|
n/a |
n/a |
|
5 |
| CMMC_2.0_L2 |
SI.L1-3.14.5 |
CMMC_2.0_L2_SI.L1-3.14.5 |
404 not found |
|
|
|
n/a |
n/a |
|
6 |
| CMMC_L3 |
SI.1.211 |
CMMC_L3_SI.1.211 |
CMMC L3 SI.1.211 |
System and Information Integrity |
Provide protection from malicious code at appropriate locations within organizational information systems. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Designated locations include system entry and exit points which may include firewalls, remoteaccess servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities.
Malicious code protection mechanisms include anti-virus signature definitions and reputationbased technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. |
link |
4 |
| CMMC_L3 |
SI.1.213 |
CMMC_L3_SI.1.213 |
CMMC L3 SI.1.213 |
System and Information Integrity |
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. |
link |
10 |
| NIST_SP_800-171_R2_3 |
.14.2 |
NIST_SP_800-171_R2_3.14.2 |
NIST SP 800-171 R2 3.14.2 |
System and Information Integrity |
Provide protection from malicious code at designated locations within organizational systems. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Designated locations include system entry and exit points which may include firewalls, remote-access servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. Malicious code protection mechanisms include anti-virus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. [SP 800-83] provides guidance on malware incident prevention. |
link |
21 |
| NIST_SP_800-171_R2_3 |
.14.4 |
NIST_SP_800-171_R2_3.14.4 |
NIST SP 800-171 R2 3.14.4 |
System and Information Integrity |
Update malicious code protection mechanisms when new releases are available. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Malicious code protection mechanisms include anti-virus signature definitions and reputation-based technologies. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Pervasive configuration management and comprehensive software integrity controls may be effective in preventing execution of unauthorized code. In addition to commercial off-the-shelf software, malicious code may also be present in custom-built software. This could include logic bombs, back doors, and other types of cyber-attacks that could affect organizational missions/business functions. Traditional malicious code protection mechanisms cannot always detect such code. In these situations, organizations rely instead on other safeguards including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that software does not perform functions other than the functions intended. |
link |
11 |
| NIST_SP_800-171_R2_3 |
.14.5 |
NIST_SP_800-171_R2_3.14.5 |
NIST SP 800-171 R2 3.14.5 |
System and Information Integrity |
Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed. |
Shared |
Microsoft and the customer share responsibilities for implementing this requirement. |
Periodic scans of organizational systems and real-time scans of files from external sources can detect malicious code. Malicious code can be encoded in various formats (e.g., UUENCODE, Unicode), contained within compressed or hidden files, or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways including web accesses, electronic mail, electronic mail attachments, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. |
link |
6 |
| RMiT_v1.0 |
Appendix_5.7 |
RMiT_v1.0_Appendix_5.7 |
RMiT Appendix 5.7 |
Control Measures on Cybersecurity |
Control Measures on Cybersecurity - Appendix 5.7 |
Customer |
n/a |
Ensure overall network security controls are implemented including the following:
(a) dedicated firewalls at all segments. All external-facing firewalls must be deployed on High Availability (HA) configuration and “fail-close” mode activated. Deploy different brand name/model for two firewalls located in sequence within the same network path;
(b) IPS at all critical network segments with the capability to inspect and monitor encrypted network traffic;
(c) web and email filtering systems such as web-proxy, spam filter and anti-spoofing controls;
(d) endpoint protection solution to detect and remove security threats including viruses and malicious software;
(e) solution to mitigate advanced persistent threats including zero-day and signatureless malware; and
(f) capture the full network packets to rebuild relevant network sessions to aid forensics in the event of incidents. |
link |
27 |
| SWIFT_CSCF_v2021 |
6.1 |
SWIFT_CSCF_v2021_6.1 |
SWIFT CSCF v2021 6.1 |
Detect Anomalous Activity to Systems or Transaction Records |
Malware Protection |
|
n/a |
Ensure that local SWIFT infrastructure is protected against malware. |
link |
4 |
| SWIFT_CSCF_v2022 |
6.1 |
SWIFT_CSCF_v2022_6.1 |
SWIFT CSCF v2022 6.1 |
6. Detect Anomalous Activity to Systems or Transaction Records |
Ensure that local SWIFT infrastructure is protected against malware and act upon results. |
Shared |
n/a |
Anti-malware software from a reputable vendor is installed, kept up-to-date on all systems, and results are considered for appropriate resolving actions. |
link |
31 |