Control 3.14.2
Provide Protection from Malicious Code
Official Requirement
Provide protection from malicious code at appropriate locations within organizational information systems.
What This Means in Plain English
Antivirus, anti-malware, and endpoint protection must be deployed on all systems to detect, prevent, and remove malicious software. Protection should be at multiple points: endpoints, email gateways, and web proxies.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Sophos XDR endpoint protection on all workstations and servers with real-time scanning
- CrowdStrike Falcon next-generation antivirus with behavioral analysis and machine learning
- Microsoft Defender for Office 365 protecting email from malware and phishing
- FortiGate antivirus scanning at the network gateway for web and email traffic
- Automatic signature updates multiple times daily across all protection layers
- Arctic Wolf SIEM correlating malware alerts across all detection layers
Assessment Guidance
Assessors will verify that endpoint protection is deployed on all systems, check that signatures are current, test detection using test malware (EICAR), review whether malware alerts are monitored, and confirm that protection is deployed at multiple layers.
Common Implementation Gaps
- Endpoint protection missing on some systems
- Antivirus signatures outdated
- No email gateway malware protection
- No web gateway malware scanning
- Malware alerts not monitored or investigated
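The first two gaps can be checked before an assessment by reconciling the asset inventory against an export from the endpoint protection console. The script below is an added example, not Petronella's tooling or any vendor's API; the hostnames, field names, sample records, and the 24-hour signature threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy threshold: signatures older than this count as outdated.
MAX_SIGNATURE_AGE = timedelta(hours=24)

# Constructed sample data: systems in scope and a console export of agents.
INVENTORY = ["ws-001", "ws-002", "srv-db01", "srv-web01"]
AGENT_EXPORT = [
    {"host": "WS-001", "realtime": True, "signatures": "2024-05-01T09:00:00+00:00"},
    {"host": "ws-002", "realtime": False, "signatures": "2024-05-01T08:30:00+00:00"},
    {"host": "srv-db01", "realtime": True, "signatures": "2024-04-20T02:00:00+00:00"},
    {"host": "lab-07", "realtime": True, "signatures": "2024-05-01T10:00:00+00:00"},
]
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed for a repeatable run


def audit(inventory, agents, now, max_age=MAX_SIGNATURE_AGE):
    """Return hosts grouped by coverage gap."""
    findings = {"missing_agent": [], "realtime_off": [],
                "stale_signatures": [], "not_in_inventory": []}
    # Normalise case so "WS-001" in the export matches "ws-001" in inventory.
    by_host = {a["host"].lower(): a for a in agents}
    known = {h.lower() for h in inventory}
    for host in sorted(known):
        agent = by_host.get(host)
        if agent is None:
            # In scope, but no agent has ever reported for it.
            findings["missing_agent"].append(host)
            continue
        if not agent.get("realtime"):
            findings["realtime_off"].append(host)
        stamp = agent.get("signatures")
        # A missing timestamp is treated as stale rather than silently passed.
        if stamp is None or now - datetime.fromisoformat(stamp) > max_age:
            findings["stale_signatures"].append(host)
    # Agents reporting from hosts the inventory does not know about point
    # to an incomplete inventory, which hides coverage gaps.
    findings["not_in_inventory"] = sorted(set(by_host) - known)
    return findings


if __name__ == "__main__":
    for gap, hosts in audit(INVENTORY, AGENT_EXPORT, NOW).items():
        print(f"{gap}: {', '.join(hosts) or 'none'}")
```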
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | SI-3 |
| HIPAA | 164.308(a)(5)(ii)(B) - Protection from Malicious Software |
| PCI DSS | Req 5 - Protect all systems against malware |