Statement

Malicious code (viruses, worms, spyware, etc) poses a significant risk to University resources.  Proper mechanisms for detections and removal of malicious code as well as the conducting of periodic system scans for vulnerabilities is required to mitigate this risk.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

WTAMU shall employ malicious code protection that:

• Are configured to detect and eradicate malicious code at system entry and exit points
• Updates malicious code protection mechanisms whenever new releases are available in accordance with University configuration management policy and procedures
• Configures malicious code protection mechanisms to perform periodic scans of the information systems as well as real-time scans of files from external sources, including email, which are downloaded or opened on a WTAMU resource
• Address the receipt of false positives during malicious code detections and the resulting impact of the availability of the system

Where possible and practical, host-based firewalls or additional hardware shall be configured to aid in the prevention of malicous code attacks or infections.

The centrally-managed anti-virus software designated by IT is required unless an exception is granted by he ISO.