cmmc-si-3 High priority System & Info Integrity / Malware Protection

Update malware protection mechanisms when new releases are available

Antivirus and endpoint protection software can only detect what its definitions (signatures, behavioural rules) and detection engine have been taught to recognise. Malware authors release new variants continuously, so protection software must receive definition updates, and periodic engine updates, to keep pace. Outdated definitions leave systems exposed to threats that have been publicly known for days or weeks. Most modern endpoint protection tools support automatic updates, and there is rarely a good reason to disable them; if you stage updates through a pilot ring before broad rollout, keep the delay short and measure it against the maximum staleness your policy allows.

Implementation steps

  1.

    Enable automatic definition and engine updates

    Configure endpoint protection on all systems to automatically download and apply definition updates as they are released by the vendor. Most enterprise platforms update multiple times daily. Confirm that automatic updates are enabled in the management console and that endpoints are successfully receiving updates.

    crowdstrike sentinelone microsoft-defender carbon-black
  2.

    Monitor update status across all endpoints

    Use the centralized management console to monitor which endpoints have current definitions and which are behind. Set alerts for endpoints that have not received an update within 24 to 48 hours so you can investigate and remediate quickly. Endpoints that are offline for extended periods (traveling laptops, infrequently used systems) need particular attention.

    crowdstrike sentinelone microsoft-defender intune
  3.

    Document the update policy and monitor exceptions

    Document your policy for how frequently definitions must be updated and the maximum acceptable staleness. Track any systems with exceptions (e.g., air-gapped systems that cannot auto-update) and establish a manual update process for them.

    confluence excel
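The staleness check in steps 2 and 3 is easy to automate once the console can export an endpoint health report. The following is an added example, not code from the original page or from any of the vendors named above. It assumes a CSV export with the columns hostname, last_seen, definition_version and definition_date (the sample rows are constructed), applies a 48-hour staleness limit, and separates endpoints that are merely offline (the travelling-laptop case) from endpoints that are online but failing to update, because the two need different remediation.

```python
import csv
import io
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed sample export, not a real console report. Column names are an
# assumption; map them to whatever your EDR/AV console actually exports.
SAMPLE_REPORT = """hostname,last_seen,definition_version,definition_date
ws-001,2024-03-12T08:55:00Z,1.405.1234.0,2024-03-12T06:10:00Z
ws-002,2024-03-12T09:01:00Z,1.405.1100.0,2024-03-09T22:40:00Z
lt-017,2024-03-02T17:20:00Z,1.404.900.0,2024-03-02T12:00:00Z
srv-db1,2024-03-12T09:05:00Z,,
"""

# Fixed "now" so the example is reproducible offline.
REPORT_TIME = datetime(2024, 3, 12, 9, 30, tzinfo=timezone.utc)


@dataclass
class EndpointStatus:
    hostname: str
    state: str                      # current | stale | offline | unknown
    definition_age_h: Optional[float]
    last_seen_age_h: float
    definition_version: str


def _parse_ts(value: str) -> Optional[datetime]:
    """Parse an ISO-8601 UTC timestamp; empty cells become None."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def assess_endpoints(report_csv: str, now: datetime,
                     max_definition_age: timedelta = timedelta(hours=48),
                     max_checkin_age: timedelta = timedelta(hours=48)) -> List[EndpointStatus]:
    """Classify every endpoint in the report against the staleness policy."""
    results = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        last_seen = _parse_ts(row["last_seen"])
        def_date = _parse_ts(row["definition_date"])
        seen_age = now - last_seen
        def_age = (now - def_date) if def_date else None

        if def_date is None:
            # Agent checks in but reports no definition data: broken sensor,
            # unsupported platform, or a reporting gap. Treat as a finding.
            state = "unknown"
        elif seen_age > max_checkin_age:
            # Offline hosts cannot update at all; their definition date only
            # tells you how old the definitions were at the last check-in.
            state = "offline"
        elif def_age > max_definition_age:
            # Online but not updating: the case step 2 wants alerted on.
            state = "stale"
        else:
            state = "current"

        results.append(EndpointStatus(
            hostname=row["hostname"],
            state=state,
            definition_age_h=round(def_age.total_seconds() / 3600, 1) if def_age else None,
            last_seen_age_h=round(seen_age.total_seconds() / 3600, 1),
            definition_version=row["definition_version"],
        ))
    return results


def alert_list(report_csv: str, now: datetime) -> List[str]:
    """Hostnames that need follow-up: anything other than 'current'."""
    return sorted(e.hostname for e in assess_endpoints(report_csv, now)
                  if e.state != "current")


if __name__ == "__main__":
    for e in assess_endpoints(SAMPLE_REPORT, REPORT_TIME):
        print(f"{e.hostname:8} {e.state:8} defs={e.definition_age_h} h "
              f"last_seen={e.last_seen_age_h} h version={e.definition_version}")
    print("alert:", ", ".join(alert_list(SAMPLE_REPORT, REPORT_TIME)))
```

Run it against a real export by replacing SAMPLE_REPORT with the file contents and REPORT_TIME with datetime.now(timezone.utc). The separate offline bucket matters for the policy in step 3: an offline laptop is a chase-the-user task, a stale online host is an agent or network problem, and an unknown host is a reporting gap that should not be silently counted as compliant. On Windows endpoints the same two fields are available locally from Get-MpComputerStatus (AntivirusSignatureLastUpdated and AntivirusSignatureVersion) if you need to spot-check a host against what the console reports.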

Evidence required

Automatic update configuration

Evidence that endpoint protection is configured for automatic definition updates.

  • Management console screenshot showing automatic update settings
  • Endpoint protection policy configuration

Definition update status report

A recent report showing current definition version status across all endpoints.

  • EDR/AV management console update status dashboard
  • Endpoint health report showing definition dates

Related controls