Skip to content

Family 3.14 7 requirements

System Integrity.

Patch fast. Watch for what slips through.

The big picture

Patching is half the work — the other half is detecting the malicious activity that gets in through what wasn't patched yet.

Theme 1

Flaws and malicious code.

3.14.1 — 3.14.5

Identifying and remediating flaws, deploying anti-malware, monitoring alerts, and updating defences.

3.14.1 Patch Your Systems. Identify, report, and correct system flaws in a timely manner. Defined SLAs by severity. 5 pts
L1

3.14.2 Deploy Anti-Malware. Endpoint protection — AV/EDR — on every CUI system. No exceptions, no gaps. 5 pts
L1

3.14.3 Act on Advisories. Subscribe to security advisories, evaluate them for relevance, and take documented action. 1 pts

3.14.4 Keep Protection Current. Malware protection signatures and engines update automatically. Verify updates are applying. 5 pts
L1

3.14.5 Scan Regularly. Periodic full malware scans plus real-time scanning of files from external sources. 3 pts
L1

Theme 2

Monitor and act.

3.14.6 — 3.14.7

Monitoring system communications and unauthorised use, and watching for indicators of compromise.

3.14.6 Watch the Network. Monitor your systems and network traffic — inbound and outbound — to detect attacks and indicators of potential attacks. 3 pts

3.14.7 Catch Unauthorized Use. Define authorized use of your systems and detect when they're used outside that scope. 3 pts