ECVP-1

ECVP-1 Virus Protection

Overview

All Servers, workstations and mobile computing devices (i.e. laptop, PDAs) implement virus protection that includes a capability for automatic updates.

MAC / CONF	Impact	Subject Area
MACI MACII MACIII	High	Enclave Computing Environment

Details

Threat
Servers, workstations and mobile computing devices are at risk of attack by computer viruses, unauthorized users, and related threats (Trojan horse, worms, overwriting viruses, malicious code, Denial of Service, etc). Virus protection software is installed on servers, workstations, and mobile computing devices in an effort to reduce the risk of attack. This implementation guide is aimed to help technical managers, system administrators, and individual users implement the tools to prevent, detect, identify and contain/remove viruses.

Threat

Servers, workstations and mobile computing devices are at risk of attack by computer viruses, unauthorized users, and related threats (Trojan horse, worms, overwriting viruses, malicious code, Denial of Service, etc). Virus protection software is installed on servers, workstations, and mobile computing devices in an effort to reduce the risk of attack. This implementation guide is aimed to help technical managers, system administrators, and individual users implement the tools to prevent, detect, identify and contain/remove viruses.

Guidance
1. All servers, workstations and mobile computing devices shall be installed with DoD approved virus protection software. Selection of the individual DoD approved software should be determined by software accuracy, ease of use, administrative overhead, and system overhead, as well as enterprise or organizational policy on antivirus software acquisition. 2. All servers, workstations and mobile computing devices shall be configured to run automatic updates. The scheduling of automatic updates for specific frequency or time periods shall be set in accordance with DoD, organizational, or and other related requirements. 3. Regular automatic updates may be implemented through either a “push” method (administrators sending current definitions to the workforce from an enterprise server) or a “pull” through the commercial Internet from a vendor’s update server. Implementation method should be selected in accordance with system security requirements (e.g., systems behind a classified boundary will require a “push” implementation).

Guidance

1. All servers, workstations and mobile computing devices shall be installed with DoD approved virus protection software. Selection of the individual DoD approved software should be determined by software accuracy, ease of use, administrative overhead, and system overhead, as well as enterprise or organizational policy on antivirus software acquisition.
2. All servers, workstations and mobile computing devices shall be configured to run automatic updates. The scheduling of automatic updates for specific frequency or time periods shall be set in accordance with DoD, organizational, or and other related requirements.
3. Regular automatic updates may be implemented through either a “push” method (administrators sending current definitions to the workforce from an enterprise server) or a “pull” through the commercial Internet from a vendor’s update server. Implementation method should be selected in accordance with system security requirements (e.g., systems behind a classified boundary will require a “push” implementation).

References

CJCSM 8510.101, Defense-in-Depth: Information Assurance (IA) and Computer Network Defense (CND), 25 March 2003
NSA Guide to Securing Windows 2000 – Policy Toolsets, Chapter 3, 05 March 2003
NSA Guide to Securing Windows XP, Chapters 2 and 4, 22 October 2004
DISA Unix STIG, Version 4, Release 4, 15 September 2003
DISA UNISYS STIG, 22 July 2003
NSA Windows 2000 Security Recommendations Guide 16 January 2004
NSA Windows NT Security Recommendations Guide 18 September 2001
DISA Database STIG, Version 7, Release 1, 29 October 2004