
SI-3 Malicious Code Protection

Control Description

Because the majority of code operated in federal systems is not developed by the Federal Government, malicious code threats often originate from the supply chain. This control applies to the federal agency and contractors with code-related responsibilities (e.g., developing code, installing patches, performing system upgrades), as well as applicable contractor information systems and networks. Enterprises should require their prime contractors to implement this control and flow down this requirement to relevant sub-tier contractors. Departments and agencies should refer to Appendix F to implement this guidance in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity.
