CCI-001242
The organization configures malicious code protection mechanisms to perform real-time scans of files from external sources at endpoints as the files are downloaded, opened, or executed in accordance with organizational security policy.
1
Rule
Severity: Medium
Disable auto-download for proscribed MIME types.
1
Rule
Severity: Medium
The ALG providing content filtering must be configured to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.
1
Rule
Severity: Medium
The CA API Gateway providing content filtering must be configured to perform real-time scans of files from external sources at network entry/exit points as they are downloaded and prior to being opened or executed.
1
Rule
Severity: Medium
The IDPS must perform real-time monitoring of files from external sources at network entry/exit points.
1
Rule
Severity: Medium
The Juniper Networks SRX Series Gateway IDPS must perform real-time monitoring of files from external sources at network entry/exit points.
1
Rule
Severity: High
Microsoft Defender AV must be configured to run and scan for malware and other potentially unwanted software.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to not exclude files for scanning.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to not exclude files opened by specified processes.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to enable the Automatic Exclusions feature.
1
Rule
Severity: Medium
Firefox must be configured to not automatically execute or download MIME types that are not authorized for auto-download.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to check in real time with MAPS before content is run or accessed.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured for protocol recognition for network protection.
1
Rule
Severity: Medium
Microsoft Defender AV Group Policy settings must take priority over the local preference settings.
1
Rule
Severity: Medium
Microsoft Defender AV must monitor for incoming and outgoing files.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to monitor for file and program activity.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to always enable real-time protection.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to process scanning when real-time protection is enabled.
1
Rule
Severity: Medium
Microsoft Defender AV must be configured to scan archive files.
4
Rule
Severity: Medium
The application's built-in Malware Agent must be disabled.
2
Rule
Severity: Medium
A DoD-approved third-party Exchange-aware malicious code protection application must be implemented.
2
Rule
Severity: Medium
Redirection behavior for upgraded web sites by SharePoint must be blocked.
2
Rule
Severity: High
The TPS must generate a log record so an alert can be configured to, at a minimum, the system administrator when malicious code is detected.
1
Rule
Severity: Medium
The Exchange built-in malware agent must be disabled.
1
Rule
Severity: Medium
Prevent bypassing SmartScreen Filter warnings must be enabled.
1
Rule
Severity: Medium
Turn on SmartScreen Filter scan option for the Internet Zone must be enabled.
1
Rule
Severity: Medium
Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.