Controls

Version

SB.7.002 Anti-Malware protection

Endpoint Security
Low
Low
Low
Organisation
v2.0 (Q1 2024)

Description

Regular end-users do not have continuous privileged access to endpoints, including but not limited to the ability to modify organisationally managed system settings, change environment variables, directly modify the registry, modify files in system directories or install programs.

Only users that have a demonstrable need for a local privileged account to perform their work activities can have access to a local privileged account. This access adheres to the privileged access controls, including just-in-time and just-enough admin.

These privileges are registered together with the reason why and the approver.

Specification

Protection against malware should be present on managed endpoints and maintain up-to-date malware definitions (maximum one day old). Detection must be both signature- and behaviour-based.

Removable media must be scanned automatically for malware upon insertion and are not allowed to run content automatically.

The unplanned modification or termination of (parts of) the security protection measures (such as anti-malware measures) on endpoints should result in immediate alerts. Malware definitions that are more than one day old should also result in immediate alerts.

Specification

ISO

NBA