SI-3: Malicious Code Protection
NIST Baseline: Low
DIR Required By: 07/20/2023
Review Date: 08/22/2024
- All Tarleton State University (Tarleton) information resources use a centrally administered antivirus application/service/utility, as determined by the Tarleton Chief Information Security Officer (CISO), to detect and eradicate or quarantine malicious code.
- Software safeguarding information resources against malicious code should not be disabled or bypassed.
- The software settings that protect information resources against malicious code should not be altered to reduce its effectiveness.
- The automatic update frequency of software that safeguards against malicious code shall not be altered to reduce the frequency of updates.
- Any exceptions needed to the above must be reviewed and approved by the Tarleton CISO.
- Tarleton has implemented processes to ensure that antivirus installations are up to date as new releases are available in accordance with organizational configuration management policy and procedures.
- Tarleton utilizes the following malicious code protection mechanisms:
  - Performs periodic scans of the system continuously and real-time scans of files from external sources (i.e., email attachments and shared files) as the files are downloaded, opened, or executed in accordance with organizational policy; and
  - Whenever malicious activity is detected, the activity is blocked and an alert is sent to the Office of Innovative Technology Solutions (OITS) Security Team.
- The Tarleton OITS Security Team reviews the alerts for false positives to minimize potential impact on the university, as needed.