SI.L1-3.14.5—System & File Scanning
>Control Description
Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.
>Cross-Framework Mappings
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What is your malware scanning policy?
- •How frequently do you perform full system scans?
- •How do you ensure real-time scanning is enabled for all systems?
- •What is your process for handling scan results and detections?
- •Who reviews malware scan logs and how often?
Technical Implementation:
- •What technologies provide real-time malware scanning?
- •What scheduled full-system scans are configured?
- •What on-access scanning protects file operations?
- •What network-based malware scanning occurs?
- •What tools scan files from external sources?
- •What logging captures scan results and detections?
Evidence & Documentation:
- •What patch management reports show timely patching?
- •What anti-malware deployment and update reports can you provide?
- •What malware scan reports and logs can you show?
- •What security monitoring reports demonstrate monitoring is occurring?
- •What security alert tracking shows alerts are reviewed and acted upon?
- •What incident detection logs demonstrate security monitoring?
- •What patch testing procedures can you provide?
Ask AI
Configure your API key to use AI features.