Virus/Malware Protection Management Standard

Objective

To protect University information and IT resources from viruses or other malicious code, anti-virus/malware software must be used to assist in preventing and detecting infections. Infections must be eradicated or quarantined. Virus/malware is a threat to the University and not limited to a single system.

Security Controls

The following table defines the baseline security controls for anti-virus/malware software capabilities.

Control Security Level
ID Description High Medium Low
VPM.A.01 Scan critical components such as startup files and boot records Required Required Required
VPM.A.02 Perform real time activities to check for suspicious activity (e.g., scanning email attachments for known malware as emails are sent and received, or files downloaded, opened or executed) Required Required Required
VPM.A.03 Monitor the behavior of common applications that are most likely to infect devices or spread malware to other devices. Examples include email clients, web browsers, and instant messaging software Required Required Required
VPM.A.04 Scan and identify files for known malware Required Required Required
VPM.A.05 Disinfect files (either by removing malware from within a file or quarantining/isolating files containing malware) Required Required Required
VPM.A.06 Receive regular updates for malicious code detection and repair features Required Required Required
VPM.A.07 Track when the virus/malware protection software is deactivated or activated Required Required Required
VPM.A.08 Generate audit logs Required Required Required

Resources Covered

This applies to IT resources owned or contracted by the University. This also applies to personally owned devices accessing, or authorized to store, University data designated as private-highly restricted or private-restricted.

Individuals Covered

This applies to University community members who use or manage University IT resources.

Related Information

Published Date

July 2019

Document Feedback

Notification: Please be aware that while we rarely receive these data requests, any information submitted through this comment form is public, including your name, email address and comment/question, unless you are a student.