STIGhub


CCI-002624

Definition

Configure malicious code protection mechanisms to perform real-time scans of files from external sources at endpoint; and/or network entry and exit points as the files are downloaded, opened, or executed in accordance with organizational policy.

Parent Control

SI-3: Malicious Code Protection (System and Information Integrity)

Linked STIG Checks (23)

| Vuln ID | Severity | Requirement | Source guide |
|---|---|---|---|
| V-204964 | CAT II | The ALG providing content filtering must be configured to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed. | Application Layer Gateway Security Requirements Guide |
| V-206888 | CAT II | The IDPS must perform real-time monitoring of files from external sources at network entry/exit points. | Intrusion Detection and Prevention Systems Security Requirements Guide |
| V-214633 | CAT II | The Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points. | Juniper SRX Services Gateway IDPS Security Technical Implementation Guide |
| V-213428 | CAT I | Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213429 | CAT II | Microsoft Defender AV must be configured to not exclude files for scanning. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213430 | CAT II | Microsoft Defender AV must be configured to not exclude files opened by specified processes. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213431 | CAT II | Microsoft Defender AV must be configured to enable the Automatic Exclusions feature. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213433 | CAT II | Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213436 | CAT II | Microsoft Defender AV must be configured for protocol recognition for network protection. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213441 | CAT II | Microsoft Defender AV Group Policy settings must take priority over the local preference settings. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213442 | CAT II | Microsoft Defender AV must monitor for incoming and outgoing files. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213443 | CAT II | Microsoft Defender AV must be configured to monitor for file and program activity. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213445 | CAT II | Microsoft Defender AV must be configured to always enable real-time protection. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213447 | CAT II | Microsoft Defender AV must be configured to process scanning when real-time protection is enabled. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-213448 | CAT II | Microsoft Defender AV must be configured to scan archive files. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-278659 | CAT II | Microsoft Defender AV must randomize scheduled task times. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-278668 | CAT II | Microsoft Defender AV must enable script scanning. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-278669 | CAT II | Microsoft Defender AV must enable real-time protection and Security Intelligence Updates during OOBE. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-278676 | CAT II | Microsoft Defender AV must scan excluded files and directories during quick scans. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-278679 | CAT II | Microsoft Defender AV must scan packed executables. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-278680 | CAT II | Microsoft Defender AV must enable heuristics. | Microsoft Defender Antivirus Security Technical Implementation Guide |
| V-259694 | CAT II | Exchange antimalware agent must be enabled and configured. | Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide |
| V-242199 | CAT I | The TPS must generate a log record so an alert can be configured to, at a minimum, the system administrator when malicious code is detected. | Trend Micro TippingPoint IDPS Security Technical Implementation Guide |