Last updated Feb 18, 2026, 2:55 AM UTC

5 Protect All Systems and Networks from Malicious Software


The 11 numbered requirements under Requirement 5, Protect All Systems and Networks from Malicious Software:

5.1.1 All security policies and operational procedures that are identified in Requirement 5 are: documented; kept up to date; in use; known to all affected parties.
5.1.2 Roles and responsibilities for performing activities in Requirement 5 are documented, assigned, and understood.
5.2.1 An anti-malware solution(s) is deployed on all system components, except for those system components identified in periodic evaluations per Requirement 5.
5.2.2 The deployed anti-malware solution(s): Detects all known types of malware.
5.2.3 Any system components that are not at risk for malware are evaluated periodically to include the following: A documented list of all system components not at risk for malware.
5.3.1 The anti-malware solution(s) is kept current via automatic updates.
5.3.2 The anti-malware solution(s): Performs periodic scans and active or real-time scans, OR performs continuous behavioral analysis of systems or processes.
5.3.3 For removable electronic media, the anti-malware solution(s): Performs automatic scans when the media is inserted, connected, or logically mounted, OR performs continuous behavioral analysis of systems or processes when the media is inserted, connected, or logically mounted.
5.3.4 Audit logs for the anti-malware solution(s) are enabled and retained in accordance with Requirement 10.
5.3.5 Anti-malware mechanisms cannot be disabled or altered by users, unless specifically documented and authorized by management on a case-by-case basis for a limited time period.
5.4.1 Processes and automated mechanisms are in place to detect and protect personnel against phishing attacks.
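The 5.3.x items above are the technically testable ones, and an assessor typically wants host evidence rather than a policy statement. The following is an added example, not text or code from the PCI DSS standard or this site, showing how evidence collected from one Linux host can be checked against 5.3.1, 5.3.2, 5.3.4 and 5.3.5. It assumes the host runs ClamAV (freshclam for updates, clamonacc for on-access scanning); the 7-day "not current" threshold, the evidence field names and the sample configuration strings are all assumptions constructed for the example.

```python
"""Added example: evaluate one Linux host's ClamAV evidence against PCI DSS
5.3.1, 5.3.2, 5.3.4 and 5.3.5. Assumes ClamAV (freshclam + clamonacc);
evidence is collected elsewhere and passed in as plain strings/booleans.
Not code from the PCI SSC or from the ClamAV project."""
from dataclasses import dataclass
from datetime import datetime, timezone
import re

MAX_SIG_AGE_DAYS = 7  # assumed organisational threshold for "kept current" (5.3.1)


@dataclass
class HostEvidence:
    clamscan_version: str          # output of `clamscan --version`
    clamd_conf: str                # contents of clamd.conf
    freshclam_conf: str            # contents of freshclam.conf
    freshclam_timer_active: bool   # result of `systemctl is-active clamav-freshclam`
    clamd_conf_mode: str           # `stat -c '%a %U:%G' clamd.conf`, e.g. "0644 root:root"
    scheduled_scan: bool           # a cron entry / systemd timer for periodic clamscan exists
    now: datetime                  # time the evidence was collected (UTC)


def _conf_value(conf: str, key: str):
    """Return the value of the last uncommented `Key value` line, or None."""
    value = None
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0] == key and len(parts) == 2:
            value = parts[1].strip()
    return value


def signature_db_age_days(clamscan_version: str, now: datetime):
    """Parse 'ClamAV 1.2.1/27212/Wed Mar 13 09:12:34 2024' into the DB age in days."""
    m = re.match(r"ClamAV\s+\S+/\d+/(.+)$", clamscan_version.strip())
    if not m:
        return None
    db_time = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    return (now - db_time).days


def evaluate(ev: HostEvidence):
    """Return a list of findings, one string per failed check; empty means all checks passed."""
    findings = []
    # 5.3.1: kept current via automatic updates
    age = signature_db_age_days(ev.clamscan_version, ev.now)
    if age is None or age > MAX_SIG_AGE_DAYS:
        findings.append(f"5.3.1: signature database not current (age={age} days)")
    if not ev.freshclam_timer_active:
        findings.append("5.3.1: freshclam service/timer not active (no automatic updates)")
    checks = _conf_value(ev.freshclam_conf, "Checks")
    if checks is not None and int(checks) == 0:
        findings.append("5.3.1: freshclam 'Checks 0' disables scheduled updates")
    # 5.3.2: periodic scans AND real-time scans (behavioural analysis is the alternative branch)
    if not ev.scheduled_scan:
        findings.append("5.3.2: no scheduled periodic scan")
    if (_conf_value(ev.clamd_conf, "OnAccessPrevention") or "no").lower() != "yes":
        findings.append("5.3.2: on-access (real-time) scanning not enabled")
    # 5.3.4: audit logs enabled (retention itself is checked under Requirement 10)
    if _conf_value(ev.clamd_conf, "LogFile") is None:
        findings.append("5.3.4: clamd LogFile not set; nothing to retain under Requirement 10")
    if (_conf_value(ev.clamd_conf, "LogTime") or "no").lower() != "yes":
        findings.append("5.3.4: LogTime not enabled; log entries lack timestamps")
    # 5.3.5: users cannot alter the mechanism: config owned by root, no group/other write bits
    m = re.match(r"(\d{3,4})\s+(\S+):(\S+)", ev.clamd_conf_mode)
    if not m or m.group(2) != "root" or int(m.group(1)[-2:], 8) & 0o22:
        findings.append("5.3.5: clamd.conf is alterable by non-root users")
    return findings


# Constructed sample evidence (not captured from a real host).
def sample_compliant() -> HostEvidence:
    return HostEvidence(
        clamscan_version="ClamAV 1.2.1/27212/Wed Mar 13 09:12:34 2024",
        clamd_conf="LogFile /var/log/clamav/clamav.log\nLogTime yes\nOnAccessPrevention yes\nOnAccessIncludePath /home\n",
        freshclam_conf="Checks 24\nDatabaseMirror database.clamav.net\n",
        freshclam_timer_active=True,
        clamd_conf_mode="0644 root:root",
        scheduled_scan=True,
        now=datetime(2024, 3, 15, 12, 0, tzinfo=timezone.utc),
    )


def sample_weak() -> HostEvidence:
    return HostEvidence(
        clamscan_version="ClamAV 1.2.1/26900/Mon Jan 15 04:02:11 2024",
        clamd_conf="# LogFile /var/log/clamav/clamav.log\nOnAccessPrevention no\n",
        freshclam_conf="Checks 0\n",
        freshclam_timer_active=False,
        clamd_conf_mode="0664 root:clamav",
        scheduled_scan=False,
        now=datetime(2024, 3, 15, 12, 0, tzinfo=timezone.utc),
    )


if __name__ == "__main__":
    for name, ev in (("compliant", sample_compliant()), ("weak", sample_weak())):
        print(name, evaluate(ev) or "no findings")
```

Running the block prints no findings for the compliant sample and one finding per failed check for the weak one. The script covers only what a single host's configuration can show: 5.3.3 (removable media) needs a test with actual media, 5.2.3 needs the documented exception list, and 5.3.4's retention period is evidenced under Requirement 10, not here.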