Malicious code is software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Anti-Malware software is used to protect a system such as a laptop or server from malicious code. Anti-malware software vendors include MalwareBytes, Defender, and Norton.

NIST SP 800-171 3.14.2 & CMMC SI.1.211: "Provide protection from malicious code at appropriate locations within organizational information systems."

To meet this requirement You need to install anti-malware software on your laptops, desktops, and servers. If you have smartphones or tablets that you provide your employees, you should install anti-malware software on them. You should also configure your email gateway to block emails containing malware.

NIST SP 800-171 3.14.4 & CMMC - SI.1.212: "Provide protection from malicious code at appropriate locations within organizational information systems."

To meet this requirement You need to install anti-malware software on your laptops, desktops, and servers. If you have smartphones or tablets that you provide your employees, you should install anti-malware software on them. You should also configure your email gateway to block emails containing malware.

NIST SP 800-171 3.14.4 & CMMC - SI.1.212: "Update malicious code protection mechanisms when new releases are available."

To meet this requirement you need to configure your anti-malware solution to update it’s signature database when a new release is available. Some solutions automatically receive signature database updates, others may be configured to check for them periodically (e.g., hourly or daily).

NIST SP 800-171 3.14.5 & CMMC SI.1.213: "Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed."

To meet this requirement uou need to configure your anti-malware solution to perform periodic scans of your systems. This can be in the form of a daily quick scan combined with a weekly full scan, it is up to you to set the frequency. You need to configure your anti-malware solution to perform real time scans. According to the anti-malware software vendor McAfee “Real-time scanning checks files for viruses each time you or your PC accesses them.” Most anti-malware solutions have this capability, you need to ensure that it is activated.