Malicious-code protection is deployed and kept current everywhere it should be.
What it actually means
Endpoint protection / anti-malware (ideally EDR) is deployed in the right places (endpoints, servers, email gateways) and actually kept up to date. Coverage and currency are what's checked: protection that's installed but disabled or out of date doesn't count.
Pass or fail — an assessor needs a "yes" to each
- Anti-malware / EDR is deployed on endpoints, servers, and email as appropriate.
- Definitions/engine are kept current.
- Coverage spans the in-scope systems with no gaps.
What to have ready
- EDR/anti-malware console showing coverage + update status
- Policy designating where protection is required
- Sample alert/quarantine record
Where teams trip up
- A few machines without protection
- Protection installed but not updating
- No email-borne malware protection
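
One way to catch these gaps before an assessor does is to reconcile the asset inventory against the EDR console export. This is an added example, not part of the original page or any vendor's tooling; the CSV column names, the sample hosts, and the 7-day freshness threshold are assumptions.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data; column names are assumptions, not a vendor export format.
INVENTORY_CSV = """hostname,role
ws-001,endpoint
ws-002,endpoint
ws-003,endpoint
srv-db01,server
mail-gw01,email gateway
"""

EDR_EXPORT_CSV = """hostname,agent_enabled,definitions_updated
WS-001,true,2024-05-30
ws-002,false,2024-05-30
srv-db01,true,2024-04-02
"""


def find_gaps(inventory_csv, edr_csv, as_of, max_age_days=7):
    """Return {hostname: finding} for in-scope hosts that are unprotected,
    disabled, or stale. max_age_days is an assumed policy value."""
    # Normalise hostnames so case differences between sources don't hide a match.
    agents = {row["hostname"].strip().lower(): row
              for row in csv.DictReader(io.StringIO(edr_csv))}
    cutoff = as_of - timedelta(days=max_age_days)
    gaps = {}
    for asset in csv.DictReader(io.StringIO(inventory_csv)):
        host = asset["hostname"].strip().lower()
        agent = agents.get(host)
        if agent is None:
            # In scope per the inventory, but the console has never seen it.
            gaps[host] = f"no agent reported ({asset['role']})"
        elif agent["agent_enabled"].strip().lower() != "true":
            gaps[host] = "installed but disabled"
        else:
            updated = date.fromisoformat(agent["definitions_updated"].strip())
            if updated < cutoff:
                gaps[host] = f"definitions stale since {updated.isoformat()}"
    return gaps


if __name__ == "__main__":
    found = find_gaps(INVENTORY_CSV, EDR_EXPORT_CSV, date(2024, 6, 1))
    for host, finding in sorted(found.items()):
        print(f"{host}: {finding}")
```

The inventory, not the console, is the source of truth for scope: a host that never enrolled will not appear in the console export at all.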