>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SI-3(10)Malicious Code Protection | Malicious Code Analysis

IL5
IL6

>Control Description

(a) Employ the following tools and techniques to analyze the characteristics and behavior of malicious code: organization-defined tools and techniques; and (b) Incorporate the results from malicious code analysis into organizational incident response and flaw remediation processes.

>DoD Impact Level Requirements

No specific parameter values or requirements for this impact level.

>Discussion

The use of malicious code analysis tools provides organizations with a more in-depth understanding of adversary tradecraft (i.e., tactics, techniques, and procedures) and the functionality and purpose of specific instances of malicious code. Understanding the characteristics of malicious code facilitates effective organizational responses to current and future threats. Organizations can conduct malicious code analyses by employing reverse engineering techniques or by monitoring the behavior of executing code.

>Assessment Interview Topics

Questions assessors commonly ask

Process & Governance:

  • What policies and procedures govern malicious code analysis?
  • Who is responsible for monitoring system and information integrity?
  • How frequently are integrity monitoring processes reviewed and updated?
  • What is your process for identifying, reporting, and remediating flaws and vulnerabilities?

Technical Implementation:

  • What technical controls detect and respond to malicious code analysis issues?
  • How are integrity violations identified and reported?
  • What automated tools support system and information integrity monitoring?
  • What tools are used to identify software flaws and vulnerabilities?
  • What anti-malware solutions are deployed and how are they configured?

Evidence & Documentation:

  • Can you provide recent integrity monitoring reports or alerts?
  • What logs demonstrate that SI-3(10) is actively implemented?
  • Where is evidence of integrity monitoring maintained and for how long?
  • Can you provide recent vulnerability reports and POA&M items?
  • Can you show recent malware detection reports and response actions?

Ask AI

Configure your API key to use AI features.