Control 3.14.4
Update Malicious Code Protection Mechanisms
Official Requirement
Update malicious code protection mechanisms when new releases are available.
What This Means in Plain English
Your antivirus and anti-malware tools must be kept up to date with the latest signatures, engines, and definitions. Updates should happen automatically and frequently to protect against the newest threats.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Sophos XDR configured for automatic signature and engine updates multiple times daily
- CrowdStrike Falcon cloud-delivered updates ensuring real-time protection against new threats
- Microsoft Defender definition updates delivered automatically via Windows Update
- FortiGate antivirus signatures updated automatically every 4 hours
- ComplianceArmor monitoring update compliance across all protection layers
Assessment Guidance
Assessors will check the last update dates for all malicious code protection tools, verify that automatic updates are configured, test that updates are applied successfully, and confirm that update failures are alerted and resolved.
Common Implementation Gaps
- Antivirus signatures not updated regularly
- Automatic updates disabled or failing
- Endpoint protection engine outdated
- No monitoring of update success/failure
- Isolated systems not receiving updates
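The checks described under Assessment Guidance and the gaps listed above can be evaluated mechanically over exported agent status. The following is an added example, not part of the original page or any vendor's tooling; the record fields, host names, and age thresholds are assumptions, and the sample inventory is constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumed maximum signature age per layer (hypothetical policy values). Only the
# 4-hour FortiGate interval comes from the page; 8h tolerates one missed cycle.
MAX_AGE = {"fortigate": timedelta(hours=8), "default": timedelta(hours=24)}

# Constructed sample inventory, not real telemetry. Field names are hypothetical.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"host": "ws-01", "layer": "defender", "last_update": "2024-05-01T09:30:00+00:00",
     "auto_update": True, "last_result": "success", "failure_alerted": False},
    {"host": "fw-01", "layer": "fortigate", "last_update": "2024-05-01T01:00:00+00:00",
     "auto_update": True, "last_result": "success", "failure_alerted": False},
    {"host": "ws-02", "layer": "sophos", "last_update": "2024-04-28T12:00:00+00:00",
     "auto_update": False, "last_result": "failed", "failure_alerted": False},
    {"host": "lab-01", "layer": "defender", "last_update": None,  # isolated system
     "auto_update": False, "last_result": "failed", "failure_alerted": True},
]

def assess(record, now):
    """Return the list of 3.14.4 findings for one protection agent record."""
    findings = []
    try:
        last = datetime.fromisoformat(record["last_update"])
    except (KeyError, TypeError, ValueError):
        last = None  # missing or unparseable timestamp is itself a finding
    if last is None:
        findings.append("no update timestamp reported")
    else:
        limit = MAX_AGE.get(record.get("layer"), MAX_AGE["default"])
        age = now - last
        if age > limit:
            findings.append(f"signatures stale: age {age}, limit {limit}")
    if not record.get("auto_update"):
        findings.append("automatic updates disabled")
    if record.get("last_result") != "success" and not record.get("failure_alerted"):
        findings.append("update failure with no alert raised")
    return findings

def report(records, now):
    """Map host -> findings, omitting hosts that pass every check."""
    results = {}
    for rec in records:
        findings = assess(rec, now)
        if findings:
            results[rec["host"]] = findings
    return results

if __name__ == "__main__":
    for host, findings in report(SAMPLE, NOW).items():
        print(host, "->", "; ".join(findings))
```

A host with no reported timestamp is treated as a finding rather than skipped, which is how an isolated system that never receives updates surfaces in the report.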
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | SI-3 |
| PCI DSS | Req 5.2 - Ensure that all anti-virus mechanisms are kept current |