Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

si-3(1)

malicious code protection  | central management

assessment objective:

Determine if the organization centrally manages malicious code protection mechanisms.

potential assessment methods and objects:

Examine: [select from:  System and information integrity policy; procedures addressing malicious code protection; automated mechanisms supporting centralized management of malicious code protection mechanisms; information system design documentation; information system configuration settings and associated documentation; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the information system; organizational personnel with responsibility for malicious code protection].

Test: [select from: Organizational processes for central management of malicious code protection mechanisms; automated mechanisms supporting and/or implementing central management of malicious code protection mechanisms].