NIST SP 800-171 Rev 2 practice 3.14.2 requires organizations to deploy malicious code protection mechanisms at system entry and exit points — such as firewalls, email gateways, and web proxies — as well as on individual endpoints including workstations, servers, and mobile computing devices. Organizations must first identify all designated locations where malicious code can enter or exit the environment and then ensure active, functioning protection is in place at each location. Mechanisms include antivirus software, anti-malware platforms, and network-based inspection tools capable of detecting and eradicating known and unknown malicious code. Protection must cover both inbound and outbound traffic vectors and must be actively enforced rather than merely installed. This practice operationalizes the broader System and Information Integrity domain goal of detecting and responding to software and firmware threats before they can cause harm to CUI or organizational operations.
Where it stops · what it isn't
- This practice does not govern the update frequency or currency of malicious code protection signatures — that is addressed by SI-L2-3.14.4 (update malicious code protection mechanisms).
- This practice does not cover periodic scanning schedules or real-time scan configurations — those are addressed by SI-L2-3.14.5.
- This practice does not address security alerts and advisories about newly identified malware threats — that is covered by SI-L2-3.14.3.
- This practice does not govern the maintenance of tools used to support malicious code protection at remote sites — that falls under MA-L2-3.7.4.
- This practice does not define incident response procedures for after malicious code is detected — that is the responsibility of the IR domain practices.
Connected concepts in the graph
Every cubelet sits in a knowledge graph. Here's what this one connects to.
PART OF domain/system-and-information-integrity