Az Policy Advertizer

Canada_Federal_PBMM_3-1-2020_SI_3

SI_3

Canada Federal PBMM 3-1-2020 SI 3

Malicious Code Protection

Shared

1. The organization employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code. 2. The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures. 3. The organization configures malicious code protection mechanisms to: a. Perform periodic scans of the information system at least weekly and real-time scans of files from external sources at endpoints and network entry/exit points as the files are downloaded, opened, or executed in accordance with organizational security policy; and b. Block and quarantine malicious code; send alert to the key role as defined in the system and information integrity policy in response to malicious code detection. 4. The organization addresses the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the information system.

To mitigate potential impacts on system availability.

Canada_Federal_PBMM_3-1-2020_SI_3(1)

SI_3(1)

Canada Federal PBMM 3-1-2020 SI 3(1)

Malicious Code Protection

Malicious Code Protection | Central Management

Shared

The organization centrally manages malicious code protection mechanisms.

To centrally manage malicious code protection mechanisms.

Canada_Federal_PBMM_3-1-2020_SI_3(2)

SI_3(2)

Canada Federal PBMM 3-1-2020 SI 3(2)

Malicious Code Protection

Malicious Code Protection | Automatic Updates

Shared

The information system automatically updates malicious code protection mechanisms.

To ensure automatic updates in malicious code protection mechanisms.

Canada_Federal_PBMM_3-1-2020_SI_3(7)

SI_3(7)

Canada Federal PBMM 3-1-2020 SI 3(7)

Malicious Code Protection

Malicious Code Protection | Non Signature-Based Detection

Shared

The information system implements non-signature-based malicious code detection mechanisms.

To enhance overall security posture.

Canada_Federal_PBMM_3-1-2020_SI_8(1)

SI_8(1)

Canada Federal PBMM 3-1-2020 SI 8(1)

Spam Protection

Spam Protection | Central Management of Protection Mechanisms

Shared

The organization centrally manages spam protection mechanisms.

To enhance overall security posture.

CMMC_L2_v1.9.0

SI.L1_3.14.2

CMMC_L2_v1.9.0_SI.L1_3.14.2

Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.2

System and Information Integrity

Malicious Code Protection

Shared

Provide protection from malicious code at appropriate locations within organizational information systems.

To the integrity, confidentiality, and availability of information assets.

CMMC_L2_v1.9.0

SI.L1_3.14.4

CMMC_L2_v1.9.0_SI.L1_3.14.4

Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.4

System and Information Integrity

Update Malicious Code Protection

Shared

Update malicious code protection mechanisms when new releases are available.

To effectively defend against new and evolving malware threats, minimize the risk of infections, and maintain the security of their information systems and data.

CMMC_L2_v1.9.0

SI.L1_3.14.5

CMMC_L2_v1.9.0_SI.L1_3.14.5

Cybersecurity Maturity Model Certification (CMMC) Level 2 v1.9.0 SI.L1 3.14.5

System and Information Integrity

System & File Scanning

Shared

Perform periodic scans of the information system and real time scans of files from external sources as files are downloaded, opened, or executed.

To identify and mitigate security risks, prevent malware infections and minimise the impact of security breaches.

Cyber_Essentials_v3.1

Cyber_Essentials_v3.1_3

Cyber Essentials v3.1 3

Cyber Essentials

Security Update Management

Shared

n/a

Aim: ensure that devices and software are not vulnerable to known security issues for which fixes are available.

Cyber_Essentials_v3.1

Cyber_Essentials_v3.1_5

Cyber Essentials v3.1 5

Cyber Essentials

Malware protection

Shared

n/a

Aim: to restrict execution of known malware and untrusted software, from causing damage or accessing data.

EU_2555_(NIS2)_2022_11

EU 2022/2555 (NIS2) 2022 11

Requirements, technical capabilities and tasks of CSIRTs

Shared

n/a

Outlines the requirements, technical capabilities, and tasks of CSIRTs.

EU_2555_(NIS2)_2022_12

EU 2022/2555 (NIS2) 2022 12

Coordinated vulnerability disclosure and a European vulnerability database

Shared

n/a

Establishes a coordinated vulnerability disclosure process and a European vulnerability database.

EU_2555_(NIS2)_2022_21

EU 2022/2555 (NIS2) 2022 21

Cybersecurity risk-management measures

Shared

n/a

Requires essential and important entities to take appropriate measures to manage cybersecurity risks.

193

EU_2555_(NIS2)_2022_29

EU 2022/2555 (NIS2) 2022 29

Cybersecurity information-sharing arrangements

Shared

n/a

Allows entities to exchange relevant cybersecurity information on a voluntary basis.

EU_GDPR_2016_679_Art._24

EU General Data Protection Regulation (GDPR) 2016/679 Art. 24

Chapter 4 - Controller and processor

Responsibility of the controller

Shared

n/a

310

EU_GDPR_2016_679_Art._25

EU General Data Protection Regulation (GDPR) 2016/679 Art. 25

Chapter 4 - Controller and processor

Data protection by design and by default

Shared

n/a

310

EU_GDPR_2016_679_Art._28

EU General Data Protection Regulation (GDPR) 2016/679 Art. 28

Chapter 4 - Controller and processor

Processor

Shared

n/a

310

FBI_Criminal_Justice_Information_Services_v5.9.5_5

EU_GDPR_2016_679_Art._32

EU General Data Protection Regulation (GDPR) 2016/679 Art. 32

Chapter 4 - Controller and processor

Security of processing

Shared

n/a

310

.11

FBI_Criminal_Justice_Information_Services_v5.9.5_5.11

FBI Criminal Justice Information Services (CJIS) v5.9.5 5.11

Policy and Implementation - Formal Audits

Policy Area 11: Formal Audits

Shared

Internal compliance checklists should be regularly kept updated with respect to applicable statutes, regulations, policies and on the basis of findings in audit.

Formal audits are conducted to ensure compliance with applicable statutes, regulations and policies.

FBI_Criminal_Justice_Information_Services_v5.9.5_5

FBI_Criminal_Justice_Information_Services_v5.9.5_5.7

404 not found

n/a

FFIEC_CAT_2017

3.1.1

FFIEC_CAT_2017_3.1.1

FFIEC CAT 2017 3.1.1

Cybersecurity Controls

Infrastructure Management

Shared

n/a

- Network perimeter defense tools (e.g., border router and firewall) are used. - Systems that are accessed from the Internet or by external parties are protected by firewalls or other similar devices. - All ports are monitored. - Up to date antivirus and anti-malware tools are used. - Systems configurations (for servers, desktops, routers, etc.) follow industry standards and are enforced. - Ports, functions, protocols and services are prohibited if no longer needed for business purposes. - Access to make changes to systems configurations (including virtual machines and hypervisors) is controlled and monitored. - Programs that can override system, object, network, virtual machine, and application controls are restricted. - System sessions are locked after a pre-defined period of inactivity and are terminated after pre-defined conditions are met. - Wireless network environments require security settings with strong encryption for authentication and transmission. (*N/A if there are no wireless networks.)

FFIEC_CAT_2017

3.2.3

FFIEC_CAT_2017_3.2.3

FFIEC CAT 2017 3.2.3

Cybersecurity Controls

Event Detection

Shared

n/a

- A normal network activity baseline is established. - Mechanisms (e.g., antivirus alerts, log event alerts) are in place to alert management to potential attacks. - Processes are in place to monitor for the presence of unauthorized users, devices, connections, and software. - Responsibilities for monitoring and reporting suspicious systems activity have been assigned. - The physical environment is monitored to detect potential unauthorized access.

HITRUST_CSF_v11.3

09.j

HITRUST_CSF_v11.3_09.j

HITRUST CSF v11.3 09.j

Protection Against Malicious and Mobile Code

Ensure that integrity of information and software is protected from malicious or unauthorized code

Shared

1. Technologies are to be implemented for timely installation, upgrade and renewal of anti-malware protective measures. 2. Automatic periodic scans of information systems is to be implemented. 3. Anti-malware software that offers a centralized infrastructure that compiles information on file reputations is to be implemented. 4. Post-malicious code update, signature deployment, scanning files, email, and web traffic is to be verified by automated systems, while BYOD users require anti-malware, network-based malware detection is to be used on servers without host-based solutions use. 5. Anti-malware audit logs checks to be performed. 6. Protection against malicious code is to be based on malicious code detection and repair software, security awareness, appropriate system access, and change management controls.

Detection, prevention, and recovery controls shall be implemented to protect against malicious code, and appropriate user awareness procedures on malicious code shall be provided.

ISO_IEC_27002_2022

8.7

ISO_IEC_27002_2022_8.7

ISO IEC 27002 2022 8.7

Identifying, Protection, Preventive Control

Protection against malware

Shared

Protection against malware should be implemented and supported by appropriate user awareness.

To ensure information and other associated assets are protected against malware.

New_Zealand_ISM

07.1.7.C.02

New_Zealand_ISM_07.1.7.C.02

07. Information Security Incidents

07.1.7.C.02 Preventing and detecting information security incidents

n/a

Agencies SHOULD develop, implement and maintain tools and procedures covering the detection of potential information security incidents, incorporating: user awareness and training; counter-measures against malicious code, known attack methods and types; intrusion detection strategies; data egress monitoring & control; access control anomalies; audit analysis; system integrity checking; and vulnerability assessments.

NIS2

IR._Incident_Response_2

NIS2_IR._Incident_Response_2

IR. Incident Response

Incident handling

n/a

Where essential or important entities become aware of a significant incident, they should be required to submit an early warning without undue delay and in any event within 24 hours. That early warning should be followed by an incident notification. The entities concerned should submit an incident notification without undue delay and in any event within 72 hours of becoming aware of the significant incident, with the aim, in particular, of updating information submitted through the early warning and indicating an initial assessment of the significant incident, including its severity and impact, as well as indicators of compromise, where available. A final report should be submitted not later than one month after the incident notification. The early warning should only include the information necessary to make the CSIRT, or where applicable the competent authority, aware of the significant incident and allow the entity concerned to seek assistance, if required. Such early warning, where applicable, should indicate whether the significant incident is suspected of being caused by unlawful or malicious acts, and whether it is likely to have a cross-border impact. Member States should ensure that the obligation to submit that early warning, or the subsequent incident notification, does not divert the notifying entity’s resources from activities related to incident handling that should be prioritised, in order to prevent incident reporting obligations from either diverting resources from significant incident response handling or otherwise compromising the entity’s efforts in that respect. 27.12.2022 EN Official Journal of the European Union L 333/99 In the event of an ongoing incident at the time of the submission of the final report, Member States should ensure that entities concerned provide a progress report at that time, and a final report within one month of their handling of the significant incident

NIST_SP_800-171_R3_3

.14.2

NIST_SP_800-171_R3_3.14.2

NIST 800-171 R3 3.14.2

System and Information Integrity Control

Malicious Code Protection

Shared

Malicious code insertions occur through the exploitation of system vulnerabilities. Periodic scans of the system and real-time scans of files from external sources as files are downloaded, opened, or executed can detect malicious code. Malicious code can be inserted into the system in many ways, including by email, the Internet, and portable storage devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can be encoded in various formats, contained in compressed or hidden files, or hidden in files using techniques such as steganography. In addition to the above technologies, pervasive configuration management, comprehensive software integrity controls, and anti-exploitation software may be effective in preventing the execution of unauthorized code. Malicious code may be present in commercial off-the-shelf software and custom-built software and could include logic bombs, backdoors, and other types of attacks that could affect organizational mission and business functions. If malicious code cannot be detected by detection methods or technologies, organizations can rely on secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to help ensure that the software only performs intended functions. Organizations may determine that different actions are warranted in response to the detection of malicious code. For example, organizations can define actions to be taken in response to malicious code detection during scans, the detection of malicious downloads, or the detection of maliciousness when attempting to open or execute files.

a. Implement malicious code protection mechanisms at designated locations within the system to detect and eradicate malicious code. b. Update malicious code protection mechanisms as new releases are available in accordance with configuration management policy and procedures. c. Configure malicious code protection mechanisms to: 1. Perform scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at endpoints or network entry and exit points as the files are downloaded, opened, or executed; and 2. Block malicious code, quarantine malicious code, or take other actions in response to malicious code detection.

NIST_SP_800-53_R5.1.1

SI.3

NIST_SP_800-53_R5.1.1_SI.3

NIST SP 800-53 R5.1.1 SI.3

System and Information Integrity Control

Malicious Code Protection

Shared

a. Implement [Selection (one or more): signature based; non-signature based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; b. Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management policy and procedures; c. Configure malicious code protection mechanisms to: 1. Perform periodic scans of the system [Assignment: organization-defined frequency] and real-time scans of files from external sources at [Selection (one or more): endpoint; network entry and exit points] as the files are downloaded, opened, or executed in accordance with organizational policy; and 2. [Selection (one or more): block malicious code; quarantine malicious code; take [Assignment: organization-defined action] ]; and send alert to [Assignment: organization-defined personnel or roles] in response to malicious code detection; and d. Address the receipt of false positives during malicious code detection and eradication and the resulting potential impact on the availability of the system.

System entry and exit points include firewalls, remote access servers, workstations, electronic mail servers, web servers, proxy servers, notebook computers, and mobile devices. Malicious code includes viruses, worms, Trojan horses, and spyware. Malicious code can also be encoded in various formats contained within compressed or hidden files or hidden in files using techniques such as steganography. Malicious code can be inserted into systems in a variety of ways, including by electronic mail, the world-wide web, and portable storage devices. Malicious code insertions occur through the exploitation of system vulnerabilities. A variety of technologies and methods exist to limit or eliminate the effects of malicious code. Malicious code protection mechanisms include both signature- and nonsignature-based technologies. Nonsignature-based detection mechanisms include artificial intelligence techniques that use heuristics to detect, analyze, and describe the characteristics or behavior of malicious code and to provide controls against such code for which signatures do not yet exist or for which existing signatures may not be effective. Malicious code for which active signatures do not yet exist or may be ineffective includes polymorphic malicious code (i.e., code that changes signatures when it replicates). Nonsignature-based mechanisms also include reputation-based technologies. In addition to the above technologies, pervasive configuration management, comprehensive software integrity controls, and anti-exploitation software may be effective in preventing the execution of unauthorized code. Malicious code may be present in commercial off-the-shelf software as well as custom-built software and could include logic bombs, backdoors, and other types of attacks that could affect organizational mission and business functions. In situations where malicious code cannot be detected by detection methods or technologies, organizations rely on other types of controls, including secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices to ensure that software does not perform functions other than the functions intended. Organizations may determine that, in response to the detection of malicious code, different actions may be warranted. For example, organizations can define actions in response to malicious code detection during periodic scans, the detection of malicious downloads, or the detection of maliciousness when attempting to open or execute files.

NZISM_v3.7

14.1.8.C.01.

NZISM_v3.7_14.1.8.C.01.

NZISM v3.7 14.1.8.C.01.

Standard Operating Environments

14.1.8.C.01. - minimise vulnerabilities and enhance system security

Shared

n/a

Agencies SHOULD develop a hardened SOE for workstations and servers, covering: 1. removal of unneeded software and operating system components; 2. removal or disabling of unneeded services, ports and BIOS settings; 3. disabling of unused or undesired functionality in software and operating systems; 4. implementation of access controls on relevant objects to limit system users and programs to the minimum access required; 5. installation of antivirus and anti-malware software; 6. installation of software-based firewalls limiting inbound and outbound network connections; 7. configuration of either remote logging or the transfer of local event logs to a central server; and 8. protection of audit and other logs through the use of a one way pipe to reduce likelihood of compromise key transaction records.

op.exp.6 Protection against harmful code

404 not found

n/a

5.2.1

PCI_DSS_v4.0.1_5.2.1

PCI DSS v4.0.1 5.2.1

Protect All Systems and Networks from Malicious Software

An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.2.3 that concludes the system components are not at risk from malware

Shared

n/a

Examine system components to verify that an anti-malware solution(s) is deployed on all system components, except for those determined to not be at risk from malware based on periodic evaluations per Requirement 5.2.3. For any system components without an anti-malware solution, examine the periodic evaluations to verify the component was evaluated and the evaluation concludes that the component is not at risk from malware

5.2.2

PCI_DSS_v4.0.1_5.2.2

PCI DSS v4.0.1 5.2.2

Protect All Systems and Networks from Malicious Software

The deployed anti-malware solution(s) detects all known types of malware and removes, blocks, or contains all known types of malware

Shared

n/a

Examine vendor documentation and configurations of the anti-malware solution(s) to verify that the solution detects all known types of malware and removes, blocks, or contains all known types of malware

5.2.3

PCI_DSS_v4.0.1_5.2.3

PCI DSS v4.0.1 5.2.3

Protect All Systems and Networks from Malicious Software

Any system components that are not at risk for malware are evaluated periodically to include the following: a documented list of all system components not at risk for malware, identification and evaluation of evolving malware threats for those system components, confirmation whether such system components continue to not require anti-malware protection

Shared

n/a

Examine documented policies and procedures to verify that a process is defined for periodic evaluations of any system components that are not at risk for malware that includes all elements specified in this requirement. Interview personnel to verify that the evaluations include all elements specified in this requirement. Examine the list of system components identified as not at risk of malware and compare to the system components without an anti-malware solution deployed per Requirement 5.2.1 to verify that the system components match for both requirements

5.3.1

PCI_DSS_v4.0.1_5.3.1

PCI DSS v4.0.1 5.3.1

Protect All Systems and Networks from Malicious Software

The anti-malware solution(s) is kept current via automatic updates

Shared

n/a

Examine anti-malware solution(s) configurations, including any master installation of the software, to verify the solution is configured to perform automatic updates. Examine system components and logs, to verify that the anti-malware solution(s) and definitions are current and have been promptly deployed

5.3.2

PCI_DSS_v4.0.1_5.3.2

PCI DSS v4.0.1 5.3.2

Protect All Systems and Networks from Malicious Software

The anti-malware solution(s) performs periodic scans and active or real-time scans, or performs continuous behavioral analysis of systems or processes

Shared

n/a

Examine anti-malware solution(s) configurations, including any master installation of the software, to verify the solution(s) is configured to perform at least one of the elements specified in this requirement. Examine system components, including all operating system types identified as at risk for malware, to verify the solution(s) is enabled in accordance with at least one of the elements specified in this requirement. Examine logs and scan results to verify that the solution(s) is enabled in accordance with at least one of the elements specified in this requirement

5.3.3

PCI_DSS_v4.0.1_5.3.3

PCI DSS v4.0.1 5.3.3

Protect All Systems and Networks from Malicious Software

For removable electronic media, the anti-malware solution(s) performs automatic scans of when the media is inserted, connected, or logically mounted, or performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted

Shared

n/a

Examine anti-malware solution(s) configurations to verify that, for removable electronic media, the solution is configured to perform at least one of the elements specified in this requirement. Examine system components with removable electronic media connected to verify that the solution(s) is enabled in accordance with at least one of the elements as specified in this requirement. Examine logs and scan results to verify that the solution(s) is enabled in accordance with at least one of the elements specified in this requirement

RBI_CSF_Banks_v2016

13.2

RBI_CSF_Banks_v2016_13.2

Advanced Real-Timethreat Defenceand Management

Advanced Real-Timethreat Defenceand Management-13.2

n/a

Implement Anti-malware, Antivirus protection including behavioural detection systems for all categories of devices ???(Endpoints such as PCs/laptops/ mobile devices etc.), servers (operating systems, databases, applications, etc.), Web/Internet gateways, email-gateways, Wireless networks, SMS servers etc. including tools and processes for centralised management and monitoring.

RBI_ITF_NBFC_v2017

3.1.g

RBI_ITF_NBFC_v2017_3.1.g

RBI IT Framework 3.1.g

Information and Cyber Security

Trails-3.1

n/a

The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail.

link

SOC_2

CC7.2

SOC_2_CC7.2

SOC 2 Type 2 CC7.2

System Operations

Monitor system components for anomalous behavior

Shared

The customer is responsible for implementing this recommendation.

• Implements Detection Policies, Procedures, and Tools — Detection policies and procedures are defined and implemented and detection tools are implemented on infrastructure and software to identify anomalies in the operation or unusual activity on systems. Procedures may include (1) a defined governance process for security event detection and management that includes provision of resources; (2) use of intelligence sources to identify newly discovered threats and vulnerabilities; and (3) logging of unusual system activities. • Designs Detection Measures — Detection measures are designed to identify anomalies that could result from actual or attempted (1) compromise of physical barriers; (2) unauthorized actions of authorized personnel; (3) use of compromised identification and authentication credentials; (4) unauthorized access from outside the system boundaries; (5) compromise of authorized external parties; and (6) implementation or connection of unauthorized hardware and software. • Implements Filters to Analyze Anomalies — Management has implemented procedures to filter, summarize, and analyze anomalies to identify security events. • Monitors Detection Tools for Effective Operation — Management has implemented processes to monitor the effectiveness of detection tools

CC2.3

SOC_2023_CC2.3

SOC 2023 CC2.3

Information and Communication

Facilitate effective internal communication.

Shared

n/a

Entity to communicate with external parties regarding matters affecting the functioning of internal control.

218

CC5.3

SOC_2023_CC5.3

SOC 2023 CC5.3

Control Activities

Maintain alignment with organizational objectives and regulatory requirements.

Shared

n/a

Entity deploys control activities through policies that establish what is expected and in procedures that put policies into action by establishing Policies and Procedures to Support Deployment of Management’s Directives, Responsibility and Accountability for Executing Policies and Procedures, perform tasks in a timely manner, taking corrective actions, perform using competent personnel and reassess policies and procedures.

229

CC6.8

SOC_2023_CC6.8

SOC 2023 CC6.8

Logical and Physical Access Controls

Mitigate the risk of cybersecurity threats, safeguard critical systems and data, and maintain operational continuity and integrity.

Shared

n/a

Entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.

CC7.2

SOC_2023_CC7.2

SOC 2023 CC7.2

Systems Operations

Maintain robust security measures and ensure operational resilience.

Shared

n/a

The entity monitors system components and the operation of those components for anomalies that are indicative of malicious acts, natural disasters, and errors affecting the entity's ability to meet its objectives; anomalies are analysed to determine whether they represent security events.

167