Do you monitor individuals and system components on an ongoing basis for anomalous or suspicious behavior?
Do you implement a method to analyze system behavior to detect and mitigate execution of normal system commands and scripts that indicate malicious actions?
Are these updates completed in accordance with configuration management policy and procedures?
Does the company perform periodic scans of the information system for malware? Are scans performed within the timeframe specified in policy or within the system security plan?
Does the company perform real-time scans of files from external sources as the files are downloaded, opened, or executed?
Does the system disinfect and quarantine infected
Does the company update information system protection mechanisms (e.g., anti-virus signatures) within 5 days of new releases?
When available, do managers and administrators of the system rely on centralized management of the flaw remediation process, to include the use of automated update software, patch management tools, and automated status scanning?
Is the time between flaw identification and flaw remediation measured and compared with
Does the company employ malicious code protection mechanisms at system entry and exit points to minimize the presence of malicious code? System entry and exit points may include firewalls, electronic mail servers, web servers, proxy servers, remote-access servers, workstations, notebook computers, and mobile devices.