CMMC Practice SI.1.213: Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Companies should use anti-malware software to scan and identify viruses in their computer systems, and have a plan for how often scans are conducted. Real-time scans will look at the system whenever new files are downloaded, opened, and saved. Periodic scans check previously saved files against updated malware information.