cmmc-si-2 | Critical priority | System & Info Integrity / Malware Protection

Provide protection from malicious code at appropriate locations

Malicious code including viruses, ransomware, trojans, and spyware must be detected and blocked before it can execute or spread. Antivirus and endpoint detection and response (EDR) tools deployed on workstations, servers, and at email gateways are the primary defenses. Coverage matters: a single unprotected endpoint is an entry point from which malware can spread across your entire environment.

Implementation steps

  1. Deploy endpoint protection on all workstations and servers

     Install antivirus or EDR software on every workstation, laptop, and server that processes FCI. Verify that the agent is active and reporting. Use a centralized management console to track coverage so you can identify systems without protection.

     Example tools: CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black

  2. Configure real-time protection

     Enable real-time or on-access scanning so malicious files are detected when they are downloaded, opened, or executed rather than only during scheduled scans. Configure automatic remediation (quarantine or delete) for detected threats so malicious files cannot execute even if the user dismisses an alert.

     Example tools: CrowdStrike, SentinelOne, Microsoft Defender

  3. Deploy malware protection at email and web gateways

     Email is the most common malware delivery vector. Deploy an email security gateway that scans attachments and links for malicious content before they reach user inboxes. Configure web proxy or DNS filtering to block access to known malicious domains and prevent malware downloads.

     Example tools: Proofpoint, Mimecast, Microsoft Defender for Office, Cisco Umbrella, Zscaler
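The coverage check from step 1 and the real-time protection check from step 2 are easiest to evidence by reconciling the asset inventory against the EDR console export. The script below is an added example, not part of this control page or any vendor's tooling; the CSV column names, hostnames and timestamps are constructed assumptions, and the output is the gap list that should sit behind the coverage report in the evidence section.

```python
import csv
import io
from datetime import datetime, timedelta, timezone
# Constructed asset inventory: what the organisation believes it owns. Column
# names are assumptions for this example, not any CMDB's real export format.
ASSET_INVENTORY_CSV = """hostname,role,in_scope
WS-001,workstation,yes
WS-002,workstation,yes
WS-003,laptop,yes
SRV-FILE01,server,yes
SRV-BUILD01,server,no
"""
# Constructed EDR console export (assumed columns; real vendor exports differ).
EDR_EXPORT_CSV = """hostname,agent_status,last_seen,realtime_protection
ws-001,active,2024-06-10T08:15:00Z,enabled
WS-002,active,2024-05-20T12:00:00Z,enabled
SRV-FILE01,active,2024-06-10T09:00:00Z,disabled
"""

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def coverage_report(inventory_csv, edr_csv, now_iso, max_silence_days=7):
    """Reconcile in-scope assets against the EDR export. A host is covered only if its
    agent is active, reported within max_silence_days and real-time protection is on."""
    now = parse_ts(now_iso)
    # Normalise hostname case: the console and the inventory rarely agree on it.
    edr = {r["hostname"].strip().upper(): r for r in csv.DictReader(io.StringIO(edr_csv))}
    report = {"covered": [], "missing_agent": [], "stale_agent": [], "realtime_disabled": []}
    for asset in csv.DictReader(io.StringIO(inventory_csv)):
        if asset["in_scope"].strip().lower() != "yes":
            continue  # out-of-scope systems are not part of this control's population
        host = asset["hostname"].strip().upper()
        row = edr.get(host)
        if row is None or row["agent_status"].lower() != "active":
            report["missing_agent"].append(host)  # unknown to the console, or agent inactive
            continue
        problems = []
        if now - parse_ts(row["last_seen"]) > timedelta(days=max_silence_days):
            problems.append("stale_agent")  # installed but silent: treat as unprotected
        if row["realtime_protection"].lower() != "enabled":
            problems.append("realtime_disabled")  # scheduled scans only: fails step 2
        for bucket in problems or ["covered"]:  # a host with no problems is covered
            report[bucket].append(host)
    return {k: sorted(v) for k, v in report.items()}

if __name__ == "__main__":
    for finding, hosts in coverage_report(ASSET_INVENTORY_CSV, EDR_EXPORT_CSV, "2024-06-11T00:00:00Z").items():
        print(f"{finding}: {', '.join(hosts) or '-'}")
```

Any host in the three gap buckets is a finding against this control; the "covered" list divided by the in-scope population is the coverage figure for the report.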

Evidence required

Endpoint protection coverage report

Evidence that malware protection is installed and active on all in-scope endpoints.

  - EDR/AV management console coverage report
  - Endpoint protection deployment policy

Real-time protection configuration

Evidence that on-access scanning is enabled on deployed endpoint protection.

  - Endpoint protection configuration screenshot showing real-time protection enabled

Email/web gateway protection evidence

Evidence of malware scanning at email and web gateways.

  - Email security gateway configuration
  - Web filtering policy screenshot
  - Threat summary report from email gateway

Related controls