Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

si-3(10)

malicious code protection  | malicious code analysis

assessment objective:

Determine if the organization:

si-3(10)(a)

si-3(10)(a)[1]

defines tools and techniques to be employed to analyze the characteristics and behavior of malicious code;

si-3(10)(a)[2]

employs organization-defined tools and techniques to analyze the characteristics and behavior of malicious code; and

si-3(10)(b)

incorporates the results from malicious code analysis into incident response and flaw remediate processes.

potential assessment methods and objects:

Examine: [select from: System and information integrity policy; procedures addressing malicious code protection; procedures addressing incident response; procedures addressing flaw remediation; information system design documentation; malicious code protection mechanisms, tools, and techniques; information system configuration settings and associated documentation; results from malicious code analyses; records of flaw remediation events resulting from malicious code analyses; information system audit records; other relevant documents or records].

Interview: [select from: System/network administrators; organizational personnel with information security responsibilities; organizational personnel installing, configuring, and/or maintaining the information system; organizational personnel with responsibility for malicious code protection; organizational personnel responsible for flaw remediation; organizational personnel responsible for incident response/management].

Test: [select from: Organizational process for incident response; organizational process for flaw remediation; automated mechanisms supporting and/or implementing malicious code protection capability; tools and techniques for analysis of malicious code characteristics and behavior].