CCI-001243

Configure malicious code protection mechanisms to block malicious code; quarantine malicious code; and/or take organization-defined action(s) in response to malicious code detection.

1 rule found Severity: Medium

1 rule found Severity: High

1 rule found Severity: Medium

2 rules found Severity: Medium

1 rule found Severity: Medium

1 rule found Severity: High

CCI-001243

Kona Site Defender providing content filtering must block malicious code upon detection.

Kona Site Defender providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.

The CA API Gateway providing content filtering must block malicious code upon detection.

The CA API Gateway providing content filtering must delete or quarantine malicious code in response to malicious code detection.

The CA API Gateway providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.

Microsoft Defender AV must be configured to automatically take action on all detected tasks.

File types must be configured to provide mismatch warnings.

Update of automatic links must be configured to prompt.

File types must be configured to provide mismatch warnings

The Update of automatic links setting must be configured to prompt user before allowing links to be updated.

The Cisco ASA must be configured to block malicious code.

The Cisco ASA must be configured to block traffic from IP addresses that have a known bad reputation based on the latest reputation intelligence.

The Cisco ASA must be configured to send an alert to organization-defined personnel and/or the firewall administrator when malicious code is detected.

The F5 BIG-IP appliance must generate event log records that can be forwarded to the centralized events log.

The TPS must block malicious code.

The TPS must generate a log record so an alert can be configured to, at a minimum, the system administrator when malicious code is detected.

The ALG providing content filtering must block malicious code upon detection.

The ALG providing content filtering must delete or quarantine malicious code in response to malicious code detection.

The ALG providing content filtering must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.

The IDPS must block malicious code.

The IDPS must quarantine and/or delete malicious code.

The IDPS must send an immediate (within seconds) alert to, at a minimum, the system administrator when malicious code is detected.

The Juniper Networks SRX Series Gateway IDPS must drop packets or disconnect the connection when malicious code is detected.

The Juniper Networks SRX Series Gateway IDPS must send an immediate alert to, at a minimum, the Security Control Auditor (SCA) when malicious code is detected.

The application must be configured to block and quarantine malicious code upon detection, then send an immediate alert to appropriate individuals.

The Palo Alto Networks security platform must drop malicious code upon detection.

The Palo Alto Networks security platform must delete or quarantine malicious code in response to malicious code detection.

The Palo Alto Networks security platform must send an immediate (within seconds) alert to the system administrator, at a minimum, in response to malicious code detection.

The Palo Alto Networks security platform must detect and drop any prohibited mobile or otherwise malicious code at internal boundaries.

The Palo Alto Networks security platform must send an immediate (within seconds) alert to, at a minimum, the SA when malicious code is detected.

Microsoft Defender AV must be configured to block the Potentially Unwanted Application (PUA) feature.