Rule ID
SV-69607r1_rule
Version
V2R6
CCIs
Configuring the network element to delete and/or quarantine malicious code according to local organizational incident handling procedures minimizes the impact of that code on the network.

Malicious code includes, but is not limited to, viruses, worms, Trojan horses, and spyware. Such code gives a malicious user the ability to read from and write to files and folders on a computer's hard drive. Malicious code may also be able to run and attach programs, which may allow the unauthorized distribution of malicious mobile code.

Sometimes it is necessary to generate a log event and then automatically delete the malicious code; however, for critical attacks, or where forensic evidence is deemed necessary, the preferred action is to quarantine the file for further investigation.

This requirement is limited to network elements that perform security functions, such as ALG and IDPS.
Verify the IDPS quarantines and/or deletes malicious code.

If the IDPS does not quarantine and/or delete malicious code, this is a finding.
Configure the IDPS to quarantine and/or delete malicious code.