Cyber Essentials Malware Protection
Cyber Essentials - Malware Protection Requirements
If a system is infected with malware, your organization is likely to suffer from problems like malfunctioning systems, data loss, or onward infection that goes unseen until it causes harm elsewhere. Malware will inevitably penetrate your network and the cyber essentials malware protection controls ensures that you have defenses that provide significant visibility and breach detection.
You can largely avoid the potential for harm from malware by:
• detecting and disabling malware before it causes harm (anti-malware).
• executing only software that you know to be worthy of trust (allow listing).
• executing untrusted software in an environment that controls access to other data (sandboxing).
Cyber Essentials Anti-Malware Requirements
Cyber essentials requires that malware protection mechanisms are implemented and all devices using one of the three protection mechanisms:
Where anti-malware software is used:
• the software must be kept up to date, with signature files updated at least daily.
• the software must be configured to scan files automatically upon access (this includes when files are downloaded and opened, and when they are accessed from a network folder).
• the software must scan web pages automatically when they are accessed through a web browser (whether by other software or by the browser itself).
• the software must prevent connections to malicious websites on the Internet (unless there is a clear, documented business need and the business understands and accepts the associated risk).
Application Allow Listing
Where application allow listing is used it must be configured so that only approved applications, restricted by code signing, can be executed on devices. Where application allow lists are used the organization must:
• actively approve applications before deploying them to devices
• maintain a current list of approved applications
• prevent users from being able to install any application that is unsigned or has an invalid signature.
Application sandboxing runs all code of unknown origin within a ‘sandbox’. The application sandbox must prevents access to other resources unless permission is explicitly granted by the user. This includes:
• other sandboxed applications
• data stores, such as those holding documents and photos
• sensitive peripherals, such as the camera, microphone and GPS
• local network access