SI-3(10): Malicious Code Analysis

Control Family:

System And Information Integrity

Parent Control:

SI-3: Malicious Code Protection

Priority:

P1: Implement P1 security controls first.

CSF v1.1 References:

Threats Addressed:

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-3(10): Malicious Code Analysis

Control Statement

The organization:

Employs [Assignment: organization-defined tools and techniques] to analyze the characteristics and behavior of malicious code; and
Incorporates the results from malicious code analysis into organizational incident response and flaw remediation processes.

Supplemental Guidance

The application of selected malicious code analysis tools and techniques provides organizations with a more in-depth understanding of adversary tradecraft (i.e., tactics, techniques, and procedures) and the functionality and purpose of specific instances of malicious code. Understanding the characteristics of malicious code facilitates more effective organizational responses to current and future threats. Organizations can conduct malicious code analyses by using reverse engineering techniques or by monitoring the behavior of executing code.