Malware Defense Policy Template for CIS Control 10

Malware is one of the most common threats facing an enterprise. Malware can be used to capture credentials, steal data, identify other targets within the network, and encrypt or destroy data. Malware enters an enterprise through vulnerabilities within the enterprise on end-user devices, email attachments, webpages, cloud services, mobile devices, removable media, and more. Often, malware relies on insecure end-user behavior, such as clicking links, opening attachments, installing software or profiles, or inserting Universal Serial Bus (USB) flash drives into systems. Modern malware is designed to avoid, deceive, and disable defenses. Therefore, malware defenses must be able to operate in a dynamic environment through automation, timely and rapid updating, and integration with other processes like vulnerability management and incident response. Defenses must be deployed at all possible entry points and enterprise assets to detect, prevent spread, or control the execution of malicious software or code.

This policy template is meant to supplement the CIS Controls v8. The policy statements included within this document can be used by all CIS Implementation Groups (IGs) but are specifically geared toward Safeguards in Implementation Group 1 (IG1).

