SI-3(7): Nonsignature-Based Detection

CSF v1.1 References:


(Not part of any baseline)

Warning icon.

Control is withdrawn in the next version of this control set and incorporated into: SI-3: Malicious Code Protection.

Control Statement

The information system implements nonsignature-based malicious code detection mechanisms.

Supplemental Guidance

Nonsignature-based detection mechanisms include, for example, the use of heuristics to detect, analyze, and describe the characteristics or behavior of malicious code and to provide safeguards against malicious code for which signatures do not yet exist or for which existing signatures may not be effective. This includes polymorphic malicious code (i.e., code that changes signatures when it replicates). This control enhancement does not preclude the use of signature-based detection mechanisms.