Governing Policy
Questions?
Please use the contact section in the governing policy.
Objective
To protect University information and IT resources from viruses or other malicious code, anti-virus/malware software must be used to assist in preventing and detecting infections. Infections must be eradicated or quarantined. Virus/malware is a threat to the University and is not limited to a single system.
Security Controls
The following table defines the baseline security controls for anti-virus/malware software capabilities.
Control ID | Control Description | Security Level: High | Security Level: Medium | Security Level: Low |
---|---|---|---|---|
VPM.A.01 | Scan critical components such as startup files and boot records | Required | Required | Required |
VPM.A.02 | Perform real-time activities to check for suspicious activity (e.g., scanning email attachments for known malware as emails are sent and received, or files downloaded, opened or executed) | Required | Required | Required |
VPM.A.03 | Monitor the behavior of common applications that are most likely to infect devices or spread malware to other devices. Examples include email clients, web browsers, and instant messaging software | Required | Required | Required |
VPM.A.04 | Scan and identify files for known malware | Required | Required | Required |
VPM.A.05 | Disinfect files (either by removing malware from within a file or quarantining/isolating files containing malware) | Required | Required | Required |
VPM.A.06 | Receive regular updates for malicious code detection and repair features | Required | Required | Required |
VPM.A.07 | Track when the virus/malware protection software is deactivated or activated | Required | Required | Required |
VPM.A.08 | Generate audit logs | Required | Required | Required |
Resources Covered
This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted.
Individuals Covered
This applies to University community members who use or manage University IT resources.
Related Information
- More information on Virus/Malware Protection Management
- How to use the information security standards
- See the Information Security policy appendices for additional information security standards that also apply to virus/malware protection management.
Published Date
July 2019