Printed on: 06/14/2021. Please go to http://policy.umn.edu for the most current version of the Policy or related document.
University of Minnisota  Appendix

Virus/Malware Protection Management Standard

Appendix to Policy

Objective

To protect University information and IT resources from viruses or other malicious code, anti-virus/malware software must be used to assist in preventing and detecting infections. Infections must be eradicated or quarantined. Virus/malware is a threat to the University and not limited to a single system.

Security Controls

The following table defines the baseline security controls for anti-virus/malware software capabilities.

ControlSecurity Level
IDDescription High Medium Low
VPM.A.01 Scan critical components such as startup files and boot records Required Required Required
VPM.A.02 Perform real time activities to check for suspicious activity (e.g., scanning email attachments for known malware as emails are sent and received, or files downloaded, opened or executed) Required Required Required
VPM.A.03 Monitor the behavior of common applications that are most likely to infect devices or spread malware to other devices. Examples include email clients, web browsers, and instant messaging software Required Required Required
VPM.A.04 Scan and identify files for known malware Required Required Required
VPM.A.05 Disinfect files (either by removing malware from within a file or quarantining/isolating files containing malware) Required Required Required
VPM.A.06 Receive regular updates for malicious code detection and repair features Required Required Required
VPM.A.07 Track when the virus/malware protection software is deactivated or activated Required Required Required
VPM.A.08 Generate audit logs Required Required Required

Resources Covered

This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

Published Date

July 2019

Document Feedback

Information Technology