CMMC Practice MA.3.116: Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
As part of troubleshooting a vendor may provide a diagnostic application to install on a system. The vendor is using the application to help identify the cause of issues on the system. As this is executable code there is a chance that the file is corrupt or infected with malicious code. Implement procedures to scan any files prior to installation. The same level of scrutinymust be made as with any file a staff member may download.