STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SI-3 — Malicious Code Protection

CCI-001242

Definition

The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.

Parent Control

SI-3Malicious Code ProtectionSystem and Information Integrity

Linked STIG Checks (13)

V-272635CAT IICylanceON-PREM must enforce that all files accessed are evaluated against the AI model for potential threats.Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-237376CAT IIThe CA API Gateway providing content filtering must be configured to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.CA API Gateway ALG Security Technical Implementation Guide V-55359CAT IIThe IDPS must perform real-time monitoring of files from external sources at network entry/exit points.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-66433CAT IIThe Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points.Juniper SRX SG IDPS Security Technical Implementation Guide V-66433CAT IIThe Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points.Juniper SRX SG IDPS Security Technical Implementation Guide V-221270CAT IIThe applications built-in Malware Agent must be disabled.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228413CAT IIThe applications built-in Malware Agent must be disabled.Microsoft Exchange 2016 Mailbox Server Security Technical Implementation Guide V-223039CAT IIPrevent bypassing SmartScreen Filter warnings must be enabled.Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223043CAT IITurn on SmartScreen Filter scan option for the Internet Zone must be enabled.Microsoft Internet Explorer 11 Security Technical Implementation Guide V-223044CAT IITurn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.Microsoft Internet Explorer 11 Security Technical Implementation Guide V-251550CAT IIFirefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.Mozilla Firefox Security Technical Implementation Guide V-241149CAT IITrend Deep Security must be configured to perform real-time malicious code protection scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242199CAT IThe TPS must generate a log record so an alert can be configured to, at a minimum, the system administrator when malicious code is detected.Trend Micro TippingPoint IDPS Security Technical Implementation Guide