Control 3.7.4
Check Media for Malicious Code Before Use
Official Requirement
Check media containing diagnostic and test programs for malicious code before the media are used in the information system.
What This Means in Plain English
Before any external media (USB drives, diagnostic disks, update media) is connected to your systems, it must be scanned for malware. This keeps maintenance activities from becoming a path for introducing malicious code.
How Petronella Implements This Control
Petronella Technology Group implements this control through:
- Mandatory malware scan of all external media before use on any organizational system
- Sophos XDR auto-scanning all removable media upon insertion
- Dedicated standalone scanning station for checking media before introduction to the network
- USB device control policies requiring scan-before-use via endpoint protection
- ComplianceArmor procedure for media scanning and authorization before use
Assessment Guidance
Assessors will verify that media scanning procedures exist and are followed, test that endpoint protection scans removable media automatically, check for a dedicated scanning station, and review logs of media scanning activities.
Common Implementation Gaps
- No malware scanning of external media before use
- Endpoint protection not configured to scan removable media
- No dedicated scanning station for external media
- Technicians using personal USB drives on CUI systems
- No procedure for handling media that fails the malware scan
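The scan-before-use step on a dedicated scanning station, written out as an added shell example that is not Petronella's or ComplianceArmor's procedure and not a Sophos XDR component: it scans a mounted removable volume with a configurable scanner command, appends an audit line that an assessor can review against the control, and denies media that fails the scan (the failure-handling gap listed above). The scanner command (defaulting to ClamAV's `clamscan`, which exits non-zero when it finds malware), the log path, the fingerprinting step and the APPROVED/DENIED wording are assumptions of this example.

```shell
#!/bin/sh
# Scanning-station check (example, not the vendor's tooling).
# SCANNER_CMD is any command that exits 0 for clean media and non-zero when
# malware is found; ClamAV's clamscan follows that convention. Both defaults
# below are assumptions and should be set per station.
: "${SCANNER_CMD:=clamscan -r --no-summary}"
: "${SCAN_LOG:=/var/log/media-scan.log}"

# scan_media MOUNT_POINT TECHNICIAN
# Scans the mounted media, appends one audit line to SCAN_LOG, prints
# APPROVED or DENIED, and returns 0 (clean) / 1 (infected) / 2 (bad input).
scan_media() {
    mount_point=$1
    technician=$2
    if [ ! -d "$mount_point" ]; then
        echo "ERROR: $mount_point is not a mounted directory" >&2
        return 2
    fi

    # Fingerprint the file set so the log entry can later be matched to the
    # exact contents that were approved (a later write to the media changes it).
    fingerprint=$(find "$mount_point" -type f -print0 | sort -z \
        | xargs -0 sha256sum 2>/dev/null | sha256sum | cut -c1-16)

    # SCANNER_CMD is deliberately unquoted so its arguments are split.
    if $SCANNER_CMD "$mount_point" >/dev/null 2>&1; then
        verdict=APPROVED
        rc=0
    else
        # Failed scan: media is denied, and the denial is logged for follow-up
        # (quarantine and incident handling happen outside this script).
        verdict=DENIED
        rc=1
    fi

    printf '%s\tmedia=%s\tfingerprint=%s\ttechnician=%s\tscanner=%s\tresult=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$mount_point" "$fingerprint" \
        "$technician" "${SCANNER_CMD%% *}" "$verdict" >> "$SCAN_LOG"
    echo "$verdict"
    return $rc
}

# Usage on the station: media-scan.sh /media/usb0 [technician-id]
if [ "$#" -ge 1 ]; then
    scan_media "$1" "${2:-$(id -un)}"
fi
```

The log line carries the technician, the scanner used, the result and a content fingerprint, which is what an assessor reviewing "logs of media scanning activities" would expect to find; a non-zero exit lets a wrapper (or the station's operator) refuse to release the media rather than leaving the outcome to memory.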
Cross-Framework Mapping
| Framework | Mapped Controls |
|---|---|
| NIST SP 800-53 | MA-3(2) |