Malware Defenses
Deploy and maintain anti-malware software on all enterprise assets.
Malware Defenses
Configure automatic updates for anti-malware signature files on all enterprise assets.
Malware Defenses
Disable autorun and autoplay auto-execute functionality for removable media.
Malware Defenses
Configure anti-malware software to automatically scan removable media.
Malware Defenses
Enable anti-exploitation features on enterprise assets and software, where possible, such as Microsoft® Data Execution Prevention (DEP), Windows® Defender Exploit Guard (WDEG), or Apple® System Integrity Protection (SIP) and Gatekeeper™.
Malware Defenses
Centrally manage anti-malware software.
Malware Defenses
Use behavior-based anti-malware software.
Data Recovery
Establish and maintain a data recovery process. In the process, address the scope of data recovery activities, recovery prioritization, and the security of backup data. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
Data Recovery
Level 1
Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.
Data Recovery
Level 1
Protect recovery data with equivalent controls to the original data. Reference encryption or data separation, based on requirements.
