Implement [Assignment (one or more): signature-based, non-signature-based] malicious code protection mechanisms at system entry and exit points to detect and eradicate malicious code; Automatically …

Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.

Control the installation, spread, and execution of malicious code at multiple points in the enterprise, while optimizing the use of automation to enable rapid updating of defense, data gathering, and …

Utilize centrally managed anti-malware software to continuously monitor and defend each of the organization's workstations and servers.

Deploy and maintain anti-malware software on all enterprise assets.

Configure managed endpoints with anti-malware detection and prevention technology and services.

Control Statement Centrally manage anti-malware software. [csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures to protect against malware on managed assets. Review and update the policies and procedures at …

The organization: Employs malicious code protection mechanisms at information system entry and exit points to detect and eradicate malicious code; Updates malicious code protection mechanisms …

Control Statement Use behavior-based anti-malware software. [csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]