Introduction

A System and Information Integrity program is critical for managing risks from system weaknesses, malicious code intrusion, and application errors.

System Flaws and Security Alerts

Control
3.14.1 Identify, report, and correct system flaws in a timely manner.
3.14.3 Monitor system security alerts and advisories and take action in response.

System flaws, in both software and firmware, are discovered during security assessments, continuous monitoring, log review, and incident response activities. Flaws that require critical patches, service packs, hot fixes, or antivirus signature updates must be reported to designated security personnel as soon as they are discovered so that immediate action can be taken.

Proactive checks are available through the Common Vulnerabilities and Exposures (CVE) database.

System security alerts and advisories provide timely information about security issues, vulnerabilities, and exploits and are key to being proactive and on-time for incident response. The CISA (Cybersecurity and Infrastructure Security Agency) generates all security advisories for the federal government.
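The timeliness requirement in 3.14.1 becomes checkable once the asset inventory is correlated with advisories and each open flaw is aged against a remediation deadline. The following is an added example written for this page, not code from the article or from FoxGuard Solutions; the inventory, the advisories, the product names, the CVE-style identifiers (placeholders, not real CVEs) and the SLA values are all constructed assumptions.

```python
"""Correlate an asset inventory with security advisories and flag flaws that
are past their remediation deadline, for reporting to security personnel.
Constructed data throughout: hosts, products, advisory ids and SLA values are
placeholders, not real systems or CVEs."""
from dataclasses import dataclass
from datetime import date

# Constructed inventory: what is installed on which (hypothetical) host.
INVENTORY = [
    {"host": "web01", "product": "examplehttpd", "version": "2.4.1"},
    {"host": "web02", "product": "examplehttpd", "version": "2.4.7"},
    {"host": "mail01", "product": "examplemta", "version": "1.9.0"},
]

# Constructed advisories; "CVE-0000-000N" ids are placeholders only.
ADVISORIES = [
    {"id": "CVE-0000-0001", "product": "examplehttpd", "fixed_in": "2.4.5",
     "severity": "critical", "published": date(2024, 1, 10)},
    {"id": "CVE-0000-0002", "product": "examplemta", "fixed_in": "1.9.0",
     "severity": "high", "published": date(2024, 1, 20)},
    {"id": "CVE-0000-0003", "product": "examplemta", "fixed_in": "1.9.2",
     "severity": "medium", "published": date(2024, 1, 25)},
]

# Assumed policy: maximum days a flaw of each severity may stay open.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Date the report is generated (fixed so the example is reproducible).
AS_OF = date(2024, 2, 1)


def parse_version(v):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Finding:
    host: str
    advisory: str
    severity: str
    installed: str
    fixed_in: str
    days_open: int
    overdue: bool


def find_flaws(inventory, advisories, today):
    """Return one Finding per (host, advisory) where the installed version is
    below the fixed version; overdue is set when the SLA has been exceeded."""
    findings = []
    for asset in inventory:
        for adv in advisories:
            if adv["product"] != asset["product"]:
                continue
            if parse_version(asset["version"]) >= parse_version(adv["fixed_in"]):
                continue  # already at or above the fixed version
            days_open = (today - adv["published"]).days
            findings.append(Finding(
                host=asset["host"], advisory=adv["id"], severity=adv["severity"],
                installed=asset["version"], fixed_in=adv["fixed_in"],
                days_open=days_open,
                overdue=days_open > SLA_DAYS[adv["severity"]]))
    return findings


def report(findings):
    """Render findings as text, overdue items first."""
    lines = []
    for f in sorted(findings, key=lambda f: (not f.overdue, f.severity)):
        status = "OVERDUE" if f.overdue else "open"
        lines.append(f"{status:8} {f.host:8} {f.advisory} ({f.severity}) "
                     f"installed {f.installed}, fixed in {f.fixed_in}, "
                     f"{f.days_open} days since advisory")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(find_flaws(INVENTORY, ADVISORIES, AS_OF)))
```

Run against the constructed data, the script flags web01 as overdue on the critical advisory (22 days open against a 7-day SLA) and lists mail01 as open on the medium one; web02 is already at a fixed version and does not appear. In practice the inventory would come from a configuration management database and the advisories from the CVE feed or vendor bulletins, with the report routed to the designated personnel named in the control.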

Protection from Malicious Code

Control
3.14.2 Provide protection from malicious code at designated locations within organizational systems.
3.14.4 Update malicious code protection mechanisms when new releases are available.
3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.

Designated locations refer to system entry and exit points, including:

  • Firewalls
  • Remote access
  • Mail servers
  • Web servers
  • Workstations
  • Mobile devices

Malicious code (viruses, worms, Trojan horses, spyware, and ransomware) can be hidden in compressed files delivered through e-mail and attachments, social media ads, and web sites.

Protection starts at the gateway or firewall: custom ingress and egress port rules, NAT/PAT (Network/Port Address Translation) controls, application firewall configuration, and Geo-IP controls, supported by periodic scans and log monitoring across the firewalls, the application firewall, the servers, and the SIEM (Security Information and Event Management) platform.

Malicious code protection mechanisms include anti-virus signature definitions and other reputation-based technologies (“a security mechanism that classifies a file as safe or unsafe based on its inherently garnered reputation” – Techopedia). For protection from malicious code in custom-built software (logic bombs, back doors) additional mechanisms should be put into place, including secure coding, configuration control, supplier security, and monitoring.

Unfortunately, malicious code is not static, and it is important to stay current with patches and other updates to anti-malware software. This is achieved through initially configuring the program to automatically install updates to the latest antivirus code.

Periodic scans of organizational systems can detect malicious code. The frequency of malicious code scans on a system is set based on system and organizational needs.

Real-time scans of files from external sources (e-mails, e-mail attachments, external storage devices, etc.) are equally important. If a malware threat is detected, the real-time scanning mechanism quarantines the file, blocking the user from accessing it.
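The quarantine step described above has three parts: detect, move the file out of reach, and record what happened. The following added example (written for this page, not code from the article, from FoxGuard Solutions, or from any antivirus product) shows those parts for a directory that receives files from external sources. It stands in hash matching against a constructed blocklist for the signature and reputation checks a real scanner performs; the directory names, file contents and blocklist entry are constructed.

```python
"""Scan files that arrived from external sources against a blocklist of
known-bad SHA-256 digests and quarantine any match so the user cannot open it.
The blocklist, the sample files and the directory layout are constructed;
hash matching stands in for a real product's signature/reputation engine."""
import hashlib
import json
import os
import shutil
import tempfile
import time
from pathlib import Path

# Constructed "known bad" content; its digest is the blocklist entry, so the
# example is self-consistent without shipping any real malware hash.
KNOWN_BAD_CONTENT = b"constructed malicious sample\n"
BLOCKLIST = {hashlib.sha256(KNOWN_BAD_CONTENT).hexdigest(): "constructed.sample"}


def sha256_file(path, chunk=1 << 16):
    """Digest a file in chunks so large downloads do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def quarantine(path, qdir):
    """Move the file into the quarantine directory, strip its permissions,
    and append a JSON record so the event can be reviewed and the file
    restored deliberately if it was a false positive."""
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / f"{int(time.time())}_{path.name}.quarantined"
    shutil.move(str(path), str(dest))
    os.chmod(dest, 0o000)  # no read/write/execute until an admin restores it
    record = {"original": str(path), "quarantined": str(dest),
              "time": time.time()}
    with open(qdir / "quarantine.log", "a") as log:
        log.write(json.dumps(record) + "\n")
    return dest


def scan_directory(directory, qdir, blocklist=BLOCKLIST):
    """Scan every regular file in `directory`; return a list of
    (quarantined_path, blocklist_label) for each match."""
    hits = []
    # Snapshot the listing first: files are moved while we iterate.
    for path in list(Path(directory).iterdir()):
        if not path.is_file():
            continue
        label = blocklist.get(sha256_file(path))
        if label:
            hits.append((quarantine(path, Path(qdir)), label))
    return hits


def demo():
    """Build a throwaway inbox with one clean and one blocklisted file,
    scan it, and return the outcome."""
    root = Path(tempfile.mkdtemp(prefix="siscan_"))
    inbox = root / "inbox"
    inbox.mkdir()
    good = inbox / "report.txt"
    bad = inbox / "invoice.bin"
    good.write_bytes(b"harmless constructed content\n")
    bad.write_bytes(KNOWN_BAD_CONTENT)
    hits = scan_directory(inbox, root / "quarantine")
    return {"hits": hits, "good_path": good, "bad_path": bad, "root": root}


if __name__ == "__main__":
    result = demo()
    for dest, label in result["hits"]:
        print(f"quarantined {dest} (matched {label})")
    print("clean file still present:", result["good_path"].exists())
```

A periodic scan (3.14.5) is `scan_directory` run on a schedule over the whole system; the real-time variant runs the same check when a file is written, opened or executed, which is what a kernel-level filter driver or an inotify/fanotify hook provides in a real product. Quarantine log records are also the evidence an assessor asks for.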

System Monitoring

Control
3.14.6 Monitor organizational systems, including inbound and outbound traffic, to detect attacks and indicators of potential attacks.
3.14.7 Identify unauthorized use of organizational systems.

Systems must be monitored at both the external boundaries (perimeter defense) and within the system’s internal activities. Mechanisms include tools for intrusion detection and prevention, and software for malicious code protection, audit record monitoring, and network monitoring.

System monitoring can detect unauthorized use of organizational systems, and is an integral part of an organization’s incident response plan.
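Monitoring both inbound and outbound traffic matters because the two directions carry different indicators: an external host probing many ports on an internal system, or an internal host calling out to one external address on a fixed schedule or on a port outside policy. The following added example (written for this page, not code from the article or from FoxGuard Solutions) runs three such checks over constructed firewall log lines; the log format, the addresses (documentation ranges), the internal network, the allowed outbound ports and the thresholds are all assumptions.

```python
"""Detect indicators of potential attack in constructed firewall connection
logs: an inbound port scan, periodic (beacon-like) outbound connections, and
outbound connections on ports outside an allow-list.
Log format, addresses, network ranges and thresholds are constructed."""
from collections import defaultdict
from datetime import datetime
import ipaddress

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]     # assumed internal range
ALLOWED_OUTBOUND_PORTS = {53, 80, 123, 443}              # assumed egress policy
SCAN_PORT_THRESHOLD = 10        # distinct ports from one source to one host
BEACON_MIN_CONNECTIONS = 6      # connections before periodicity is judged
BEACON_MAX_JITTER_SEC = 5.0     # max spread between connection intervals

# Constructed log lines: "timestamp action src:port dst:port proto".
SAMPLE_LOG = """\
2024-03-01T10:00:00 DENY 203.0.113.5:51001 10.0.1.20:21 TCP
2024-03-01T10:00:00 DENY 203.0.113.5:51002 10.0.1.20:22 TCP
2024-03-01T10:00:01 DENY 203.0.113.5:51003 10.0.1.20:23 TCP
2024-03-01T10:00:01 DENY 203.0.113.5:51004 10.0.1.20:25 TCP
2024-03-01T10:00:01 ALLOW 203.0.113.5:51005 10.0.1.20:80 TCP
2024-03-01T10:00:02 DENY 203.0.113.5:51006 10.0.1.20:110 TCP
2024-03-01T10:00:02 DENY 203.0.113.5:51007 10.0.1.20:135 TCP
2024-03-01T10:00:02 DENY 203.0.113.5:51008 10.0.1.20:139 TCP
2024-03-01T10:00:03 ALLOW 203.0.113.5:51009 10.0.1.20:443 TCP
2024-03-01T10:00:03 DENY 203.0.113.5:51010 10.0.1.20:445 TCP
2024-03-01T10:00:03 DENY 203.0.113.5:51011 10.0.1.20:3389 TCP
2024-03-01T10:01:00 ALLOW 198.51.100.30:40000 10.0.1.20:443 TCP
2024-03-01T10:02:00 ALLOW 10.0.2.15:50100 198.51.100.20:443 TCP
2024-03-01T10:05:00 ALLOW 10.0.2.15:50200 198.51.100.9:443 TCP
2024-03-01T10:06:00 ALLOW 10.0.2.15:50201 198.51.100.9:443 TCP
2024-03-01T10:07:00 ALLOW 10.0.2.15:50202 198.51.100.9:443 TCP
2024-03-01T10:08:00 ALLOW 10.0.2.15:50203 198.51.100.9:443 TCP
2024-03-01T10:09:00 ALLOW 10.0.2.15:50204 198.51.100.9:443 TCP
2024-03-01T10:10:00 ALLOW 10.0.2.15:50205 198.51.100.9:443 TCP
2024-03-01T10:12:30 ALLOW 10.0.3.7:50300 198.51.100.44:4444 TCP
"""


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, action, src, dst, proto = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return {"ts": datetime.fromisoformat(ts), "action": action,
            "src": ipaddress.ip_address(sip), "sport": int(sport),
            "dst": ipaddress.ip_address(dip), "dport": int(dport),
            "proto": proto}


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def analyze(lines):
    """Return a sorted list of (indicator, src, dst, detail) tuples."""
    events = [parse_line(l) for l in lines if l.strip()]
    alerts = set()
    inbound_ports = defaultdict(set)    # (ext src, int dst) -> ports touched
    outbound_times = defaultdict(list)  # (int src, ext dst, port) -> times
    for e in events:
        if not is_internal(e["src"]) and is_internal(e["dst"]):
            inbound_ports[(e["src"], e["dst"])].add(e["dport"])
        elif is_internal(e["src"]) and not is_internal(e["dst"]):
            outbound_times[(e["src"], e["dst"], e["dport"])].append(e["ts"])
            if e["action"] == "ALLOW" and e["dport"] not in ALLOWED_OUTBOUND_PORTS:
                alerts.add(("unusual_outbound_port", str(e["src"]),
                            str(e["dst"]), e["dport"]))
    # Inbound: one external source touching many ports on one internal host.
    for (src, dst), ports in inbound_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            alerts.add(("inbound_port_scan", str(src), str(dst), len(ports)))
    # Outbound: repeated connections at a near-constant interval.
    for (src, dst, dport), times in outbound_times.items():
        if len(times) >= BEACON_MIN_CONNECTIONS:
            times.sort()
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            if max(gaps) - min(gaps) <= BEACON_MAX_JITTER_SEC:
                alerts.add(("periodic_outbound", str(src), str(dst),
                            round(sum(gaps) / len(gaps))))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(*alert)
```

On the constructed log the analysis raises exactly three alerts: the scan of 10.0.1.20 from 203.0.113.5 (11 ports), the 60-second periodic connections from 10.0.2.15 to 198.51.100.9, and the allowed outbound connection on port 4444 from 10.0.3.7. The single ordinary HTTPS connection and the single inbound request are left alone. The same logic belongs in the SIEM as correlation rules, with the thresholds tuned to the organization's baseline traffic, and each alert feeding the incident response plan the section refers to.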

Need Help?

If you are an Organization Seeking Certification (OSC) and are overwhelmed by the enormity and complexity of CMMC, consider professional services to help you plan, implement, and maintain compliance and ensure uninterrupted eligibility for DoD work.

FoxGuard Solutions delivers reliable, secure and configurable solutions to solve technology and compliance challenges faced by critical infrastructure entities. With over four decades of experience, our team focuses on delivering customized cybersecurity and compliance solutions.

Our services will help guide your organization through the Discovery, Planning, Execution and Maintenance phases necessary to allow your organization to attain Cybersecurity Maturity Model Certification (CMMC). Our team of experts will partner with you to review existing policies, processes, procedures, and technical controls to identify any gaps with CMMC requirements. An execution plan will be created that aligns with your needs, budget and timeline, and which outlines a recommended approach to attain CMMC.

As a Microsoft Gold Certified Partner, FoxGuard Solutions has experience in delivering both on premise as well as cloud-based solutions to assist you with your compliance needs.

FoxGuard Solutions is ISO 9001 and ISO 27001 certified, and is a CMMC Registered Provider Organization.

Please visit https://foxguardsolutions.com/cmmc/ for more information.