MALICIOUS CODE PROTECTION - 5355.1

Policy: Each state entity shall employ malicious code protection mechanisms at information asset entry and exit points and at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code.

Malicious code protection mechanisms may not always detect malicious code; therefore, each state entity shall implement additional safeguards to help ensure that software does not perform functions other than those intended. Examples of additional safeguard include, but are not limited to, secure coding practices, configuration management and control, trusted procurement processes, and monitoring practices.

Implementation Controls:  NIST SP 800-53: System and Information Integrity (SI); Supply Chain Risk Management (SR)