What are NIST SP 800-171 and CMMC Malicious Code Protection Requirements?

Malicious code is software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Anti-Malware software is used to protect a system such as a laptop or server from malicious code. Anti-malware software vendors include MalwareBytes, Defender, and Norton.

NIST SP 800-171 3.14.2 & CMMC SI.1.211: "Provide protection from malicious code at appropriate locations within organizational information systems."

To meet this requirement You need to install anti-malware software on your laptops, desktops, and servers. If you have smartphones or tablets that you provide your employees, you should install anti-malware software on them. You should also configure your email gateway to block emails containing malware.

NIST SP 800-171 3.14.4 & CMMC - SI.1.212: "Provide protection from malicious code at appropriate locations within organizational information systems."

To meet this requirement You need to install anti-malware software on your laptops, desktops, and servers. If you have smartphones or tablets that you provide your employees, you should install anti-malware software on them. You should also configure your email gateway to block emails containing malware.

NIST SP 800-171 3.14.4 & CMMC - SI.1.212: "Update malicious code protection mechanisms when new releases are available."

To meet this requirement you need to configure your anti-malware solution to update it’s signature database when a new release is available. Some solutions automatically receive signature database updates, others may be configured to check for them periodically (e.g., hourly or daily).

NIST SP 800-171 3.14.5 & CMMC SI.1.213: "Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed."

To meet this requirement uou need to configure your anti-malware solution to perform periodic scans of your systems. This can be in the form of a daily quick scan combined with a weekly full scan, it is up to you to set the frequency. You need to configure your anti-malware solution to perform real time scans. According to the anti-malware software vendor McAfee “Real-time scanning checks files for viruses each time you or your PC accesses them.” Most anti-malware solutions have this capability, you need to ensure that it is activated.