SC-35

Requirement

Include system components that proactively seek to identify network-based malicious code or malicious websites.

Discussion

External malicious code identification differs from decoys in SC-26 in that the components actively probe networks, including the Internet, in search of malicious code contained on external websites. Like decoys, the use of external malicious code identification techniques requires some supporting isolation measures to ensure that any malicious code discovered during the search and subsequently executed does not infect organizational systems. Virtualization is a common technique for achieving such isolation.

NIST 800-53A Assessment Guidance

Examine

[SELECT FROM: System and communications protection policy; procedures addressing external malicious code identification; system design documentation; system configuration settings and associated documentation; system components deployed to identify malicious websites and/or web-based malicious code; system audit records; system security plan; other relevant documents or records].

Interview

[SELECT FROM: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the system; system developers/integrators].

Test

[SELECT FROM: Automated mechanisms supporting and/or implementing external malicious code identification].

ID	Assessment Objectives
SC-35	system components that proactively seek to identify network-based malicious code or malicious websites are included.

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!