STIGs RMF Controls Compare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
RMF Controls
Compare Versions

Resources

About
Release Notes
VPAT
DISA STIG Library

STIGs updated 4 hours ago

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← SI-3 — Malicious Code Protection

CCI-004965

Definition

Automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management procedures.

Parent Control

SI-3Malicious Code ProtectionSystem and Information Integrity

Linked STIG Checks (13)

V-204963CAT IIThe ALG providing content filtering must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy.Application Layer Gateway Security Requirements Guide V-239885CAT IIThe Cisco ASA must be configured to install updates for signature definitions and vendor-provided rules.Cisco ASA IPS Security Technical Implementation Guide V-206887CAT IIThe IDPS must automatically update malicious code protection mechanisms as new releases are available in accordance with organizational configuration management procedures.Intrusion Detection and Prevention Systems Security Requirements Guide V-214619CAT IThe Juniper Networks SRX Series Gateway IDPS must install updates for predefined signature objects, applications signatures, IDPS policy templates, and device software when new releases are available in accordance with organizational configuration management policy and procedures.Juniper SRX Services Gateway IDPS Security Technical Implementation Guide V-205528CAT IIThe Mainframe Product must update malicious code protection mechanisms whenever new releases are available in accordance with organizational configuration management procedures.Mainframe Product Security Requirements Guide V-228847CAT IIThe Palo Alto Networks security platform must update malicious code protection mechanisms and signature definitions whenever new releases are available in accordance with organizational configuration management policy and procedures.Palo Alto Networks ALG Security Technical Implementation Guide V-207694CAT IIThe Palo Alto Networks security platform must install updates for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures.Palo Alto Networks IDPS Security Technical Implementation Guide V-213322CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be confined to the organizations enclave.Trellix Application Control 8.x Security Technical Implementation Guide V-213330CAT IIThe Trellix Application Control Options Reputation setting must be configured to use the Trellix Global Threat Intelligence (Trellix GTI) option.Trellix Application Control 8.x Security Technical Implementation Guide V-213332CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings must not be enabled unless an internal ATD is maintained by the organization.Trellix Application Control 8.x Security Technical Implementation Guide V-213333CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to send all binaries with a reputation of Might be Trusted and below for analysis.Trellix Application Control 8.x Security Technical Implementation Guide V-213334CAT IIThe Trellix Application Control Options Advanced Threat Defense (ATD) settings, if being used, must be configured to only send binaries with a size of 5MB or less.Trellix Application Control 8.x Security Technical Implementation Guide V-242197CAT IThe SMS must install updates on the TPS for application software files, signature definitions, detection heuristics, and vendor-provided rules when new releases are available in accordance with organizational configuration management policy and procedures.Trend Micro TippingPoint IDPS Security Technical Implementation Guide