Basic Security Requirements:

14.1 Identify, report, and correct information and information system flaws in a timely manner.

14.2 Provide protection from malicious code at appropriate locations within organizational information systems.

14.3 Monitor information system security alerts and advisories and take appropriate actions in response.

Derived Security Requirements:

14.4 Update malicious code protection mechanisms when new releases are available.

14.5 Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

14.6 Monitor the information system including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

14.7 Identify unauthorized use of the information system.