STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 2 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SI-3 — Malicious Code Protection

CCI-001243

Definition

Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection.

Parent Control

SI-3Malicious Code ProtectionSystem and Information Integrity

Linked STIG Checks (58)

V-76437CAT IIKona Site Defender providing content filtering must block malicious code upon detection.Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide V-76439CAT IIKona Site Defender providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.Akamai KSD Service Impact Level 2 ALG Security Technical Implementation Guide V-204965CAT IIThe ALG providing content filtering must block malicious code upon detection.Application Layer Gateway Security Requirements Guide V-204966CAT IIThe ALG providing content filtering must delete or quarantine malicious code in response to malicious code detection.Application Layer Gateway Security Requirements Guide V-204967CAT IIThe ALG providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.Application Layer Gateway Security Requirements Guide V-272634CAT IICylanceON-PREM must be configured to send alerts via Simple Mail Transfer Protocol (SMTP).Arctic Wolf CylanceON-PREM Security Technical Implementation Guide V-237377CAT IIThe CA API Gateway providing content filtering must block malicious code upon detection.CA API Gateway ALG Security Technical Implementation Guide V-237378CAT IIThe CA API Gateway providing content filtering must delete or quarantine malicious code in response to malicious code detection.CA API Gateway ALG Security Technical Implementation Guide V-237379CAT IIThe CA API Gateway providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.CA API Gateway ALG Security Technical Implementation Guide V-239886CAT IIThe Cisco ASA must be configured to block malicious code.Cisco ASA IPS Security Technical Implementation Guide V-239887CAT IIThe Cisco ASA must be configured to block traffic from IP addresses that have a known bad reputation based on the latest reputation intelligence.Cisco ASA IPS Security Technical Implementation Guide V-239888CAT IIThe Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when malicious code is detected.Cisco ASA IPS Security Technical Implementation Guide V-266146CAT IIThe F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.F5 BIG-IP TMOS ALG Security Technical Implementation Guide V-34762CAT IIThe IDPS must block malicious code.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-55361CAT IIThe IDPS must quarantine and/or delete malicious code.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-55363CAT IIThe IDPS must send an immediate (within seconds) alert to, at a minimum, the system administrator when malicious code is detected.Intrusion Detection and Prevention Systems (IDPS) Security Requirements Guide V-206889CAT IIThe IPS must block malicious code.Intrusion Detection and Prevention Systems Security Requirements Guide V-206890CAT IIThe IPS must quarantine or block malicious code.Intrusion Detection and Prevention Systems Security Requirements Guide V-206891CAT IIThe IDPS must send an immediate (within seconds) alert to, at a minimum, the system administrator when malicious code is detected.Intrusion Detection and Prevention Systems Security Requirements Guide V-66435CAT IIThe Juniper Networks SRX Series Gateway IDPS must drop packets or disconnect the connection when malicious code is detected.Juniper SRX SG IDPS Security Technical Implementation Guide V-66435CAT IIThe Juniper Networks SRX Series Gateway IDPS must drop packets or disconnect the connection when malicious code is detected.Juniper SRX SG IDPS Security Technical Implementation Guide V-66437CAT IIThe Juniper Networks SRX Series Gateway IDPS must send an immediate alert to, at a minimum, the Security Control Auditor (SCA) when malicious code is detected.Juniper SRX SG IDPS Security Technical Implementation Guide V-66437CAT IIThe Juniper Networks SRX Series Gateway IDPS must send an immediate alert to, at a minimum, the Security Control Auditor (SCA) when malicious code is detected.Juniper SRX SG IDPS Security Technical Implementation Guide V-214634CAT IIThe Juniper Networks SRX Series Gateway IDPS must drop packets or disconnect the connection when malicious code is detected.Juniper SRX Services Gateway IDPS Security Technical Implementation Guide V-214635CAT IIThe Juniper Networks SRX Series Gateway IDPS must send an immediate alert to, at a minimum, the Security Control Auditor (SCA) when malicious code is detected.Juniper SRX Services Gateway IDPS Security Technical Implementation Guide V-213426CAT IMicrosoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.Microsoft Defender Antivirus Security Technical Implementation Guide V-213427CAT IIMicrosoft Defender AV must be configured to automatically take action on all detected tasks.Microsoft Defender Antivirus Security Technical Implementation Guide V-272882CAT IIMicrosoft Defender for Endpoint (MDE) must alert administrators on policy violations defined for endpoints.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275979CAT IIMicrosoft Defender for Endpoint (MDE) must enable Automatically Resolve Alerts.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275980CAT IIMicrosoft Defender for Endpoint (MDE) must enable Allow or block file.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275981CAT IIMicrosoft Defender for Endpoint (MDE) must enable Hide potential duplicate device records.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275982CAT IIMicrosoft Defender for Endpoint (MDE) must enable Custom network indicators.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275983CAT IIMicrosoft Defender for Endpoint (MDE) must enable Tamper protection.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275984CAT IIMicrosoft Defender for Endpoint (MDE) must enable Show user details.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275985CAT IIMicrosoft Defender for Endpoint (MDE) must enable Microsoft Defender for Cloud Apps.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275986CAT IIMicrosoft Defender for Endpoint (MDE) must enable Web content filtering.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275987CAT IIMicrosoft Defender for Endpoint (MDE) must enable Device discovery.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275988CAT IIMicrosoft Defender for Endpoint (MDE) must enable Download quarantined files.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275989CAT IIMicrosoft Defender for Endpoint (MDE) must enable Live Response.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275990CAT IIMicrosoft Defender for Endpoint (MDE) must enable Live Response for Servers.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275991CAT IIMicrosoft Defender for Endpoint (MDE) must enable Share endpoint alerts with Microsoft Compliance Center.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275992CAT IIMicrosoft Defender for Endpoint (MDE) must enable Microsoft Intune connection.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275993CAT IIMicrosoft Defender for Endpoint (MDE) must enable Authenticated telemetry.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275994CAT IIMicrosoft Defender for Endpoint (MDE) must enable File Content Analysis.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275995CAT IIMicrosoft Defender for Endpoint (MDE) must enable Memory Content Analysis.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275996CAT IIMicrosoft Defender for Endpoint (MDE) Discovery Mode must enable Log4j2 detection.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275997CAT IIMicrosoft Defender for Endpoint (MDE) Discovery Mode must be set to All Devices.Microsoft Defender for Endpoint Security Technical Implementation Guide V-275998CAT IIMicrosoft Defender for Endpoint (MDE) must enable Full remediation for Device groups.Microsoft Defender for Endpoint Security Technical Implementation Guide V-221266CAT IIThe application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-221267CAT IIThe application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.Microsoft Exchange 2016 Edge Transport Server Security Technical Implementation Guide V-228848CAT IIThe Palo Alto Networks security platform must drop malicious code upon detection.Palo Alto Networks ALG Security Technical Implementation Guide V-228849CAT IIThe Palo Alto Networks security platform must delete or quarantine malicious code in response to malicious code detection.Palo Alto Networks ALG Security Technical Implementation Guide V-228850CAT IIThe Palo Alto Networks security platform must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.Palo Alto Networks ALG Security Technical Implementation Guide V-207695CAT IIThe Palo Alto Networks security platform must detect and drop any prohibited mobile or otherwise malicious code at internal boundaries.Palo Alto Networks IDPS Security Technical Implementation Guide V-207696CAT IIThe Palo Alto Networks security platform must send an immediate (within seconds) alert to, at a minimum, the SA when malicious code is detected.Palo Alto Networks IDPS Security Technical Implementation Guide V-241150CAT IITrend Deep Security must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.Trend Micro Deep Security 9.x Security Technical Implementation Guide V-242198CAT IIThe TPS must block malicious code.Trend Micro TippingPoint IDPS Security Technical Implementation Guide V-242199CAT IThe TPS must generate a log record so an alert can be configured to, at a minimum, the system administrator when malicious code is detected.Trend Micro TippingPoint IDPS Security Technical Implementation Guide