10: Malware Defenses
PF v1.0 References:
Threats Addressed:
Control Statement
Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]
Subcontrols
10.1: Deploy and Maintain Anti-Malware Software
Deploy and maintain anti-malware software on all enterprise assets.
10.2: Configure Automatic Anti-Malware Signature Updates
Configure automatic updates for anti-malware signature files on all enterprise assets.
10.3: Disable Autorun and Autoplay for Removable Media
Disable autorun and autoplay auto-execute functionality for removable media.
10.4: Configure Automatic Anti-Malware Scanning of Removable Media
Configure anti-malware software to automatically scan removable media.
10.5: Enable Anti-Exploitation Features
Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
10.6: Centrally Manage Anti-Malware Software
Centrally manage anti-malware software.
10.7: Use Behavior-Based Anti-Malware Software
Use behavior-based anti-malware software.