When to use this
Use this standard to define minimum malware protection requirements for endpoints, servers, mobile devices, cloud workloads, email, web access, file uploads, and removable media.
Related controls
- A.8.7 Protection Against Malware
- A.8.1 User End Point Devices
- A.6.3 Information Security Awareness Education and Training
Standard requirements
| Area | Minimum requirement | Owner | Evidence |
|---|---|---|---|
| Endpoints | TBD | TBD | TBD |
| Servers | TBD | TBD | TBD |
| Mobile devices | TBD | TBD | TBD |
| Email/web/file scanning | TBD | TBD | TBD |
| Updates | TBD | TBD | TBD |
| Infection response | TBD | TBD | TBD |
Minimum checks
- Approved malware protection tools are defined.
- Coverage expectations are defined by system type.
- Update frequency and fallback manual update process are defined.
- Real-time or scheduled scanning requirements are defined.
- Infection response and escalation are defined.
- User awareness requirements are defined.
- Template
- Iso27001
- Technological controls
- Malware protection
Note Metadata
Aliases: Anti-Malware Standard
Source: 90 Templates/Malware Protection Standard.md
Related Notes
- ISO 27001 A.6.3 - Information Security Awareness, Education and Training
- A.8.7 Audit Evidence Pack
- ISO 27001 A.8.1 - User End Point Devices
- ISO 27001 A.8.7 - Protection Against Malware
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.7 Audit Checklist
- Malware Protection Coverage and Update Register
- Templates MOC