STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SI-3 — Malicious Code Protection

CCI-001240

Definition

The organization updates malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.

Parent Control

SI-3Malicious Code ProtectionSystem and Information Integrity

Linked STIG Checks (24)

V-76435CAT IIKona Site Defender providing content filtering must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide V-237375CAT IIThe CA API Gateway providing content filtering must integrate with an ICAP-enabled Intrusion Detection System that updates malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.CA API Gateway ALG Security Technical Implementation Guide V-239885CAT IIThe Cisco ASA must be configured to install updates for signature definitions and vendor-provided rules.Cisco ASA IPS Security Technical Implementation Guide V-237559CAT IIThe DBN-6300 must install system updates when new releases are available in accordance with organizational configuration management policy and procedures.DBN-6300 IDPS Security Technical Implementation Guide V-214506CAT IIThe BIG-IP ASM module must be configured to update malicious code protection mechanisms and signature definitions when providing content filtering to virtual servers for whenever new releases are available in accordance with organizational configuration management policy and procedures.F5 BIG-IP Application Security Manager Security Technical Implementation Guide V-34759CAT IIThe IDPS must verify the integrity of updates obtained directly from the vendor.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-55357CAT IIThe IDPS must install updates for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-66009CAT IThe Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures.Juniper SRX SG IDPS Security Technical Implementation Guide V-66009CAT IThe Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures.Juniper SRX SG IDPS Security Technical Implementation Guide V-74201CAT IIThe McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organizations enclave.McAfee Application Control 7.x Security Technical Implementation Guide V-74217CAT IIThe McAfee Application Control Options Reputation setting must be configured to use the McAfee Global Threat Intelligence (McAfee GTI) option.McAfee Application Control 7.x Security Technical Implementation Guide V-74225CAT IIThe McAfee Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization.McAfee Application Control 7.x Security Technical Implementation Guide V-74227CAT IIThe McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis.McAfee Application Control 7.x Security Technical Implementation Guide V-74229CAT IIThe McAfee Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5 MB or less.McAfee Application Control 7.x Security Technical Implementation Guide V-221268CAT IIThe application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-221269CAT IIThe application must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228847CAT IIThe Palo Alto Networks security platform must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.Palo Alto Networks ALG Security Technical Implementation Guide V-213322CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organizations enclave.Trellix Application Control 8.x Security Technical Implementation Guide V-213330CAT IIThe Trellix Application Control Options Reputation setting must be configured to use the Trellix Global Threat Intelligence (Trellix GTI) option.Trellix Application Control 8.x Security Technical Implementation Guide V-213332CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization.Trellix Application Control 8.x Security Technical Implementation Guide V-213333CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis.Trellix Application Control 8.x Security Technical Implementation Guide V-213334CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5MB or less.Trellix Application Control 8.x Security Technical Implementation Guide V-241147CAT IITrend Deep Security must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management policy and procedures.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242197CAT IThe SMS must install updates on the TPS for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures.Trend Micro TippingPoint IDPS Security Technical Implementation Guide