CMMC Practice SI.1.211: Provide protection from malicious code at appropriate locations within organizational information systems.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
You can protect your company’s valuable IT system by stopping malicious code at designated locations in your system. Malicious code is program code that purposefully creates an unauthorized function or process that will have a negative impact on the confidentiality, integrity, or availability of an information system. A designated location may be your network device or your computer.
Malicious code includes the following, which can be hidden in email, email attachments, web access:
- viruses, programs designed to damage, steal information, change data, send email, show messages, or any combination of these things;
- spyware, a program designed to gather information about a person’s activity in secret, and is usually installed without the person knowing when they click on a link; and
- a trojan horse, a type of malware made to look like legitimate/real software, and used by cyber criminals to get access to a company’s systems.
By using anti-malware tools, you can stop or lessen the impact of malicious code.