Understanding SI.L1-3.14.2: Provide Protection from Malicious Code
The CMMC Level 1 practice SI.L1-3.14.2 is based on NIST SP 800-171 Requirement 3.14.2, which requires organizations to:
Implement malicious code protection (e.g., antivirus, endpoint security software).
Ensure coverage across all appropriate locations (e.g., workstations, servers, network entry points).
Keep protection mechanisms updated (e.g., regular signature updates, policy enforcement).
Assessment Criteria for a "MET" Rating:
To determine whether the practice is MET, the Lead Assessor must confirm that:
✔ Antivirus or endpoint protection software is installed on all workstations and servers.
✔ The solution is centrally managed, ensuring consistent policy enforcement.
✔ Signature updates are current, meaning systems are protected against new threats.
✔ Logs or reports demonstrate active monitoring and updates.
Why is the Correct Answer "A. It is sufficient, and the audit finding can be rated as MET"?
The provided evidence confirms all necessary requirements for SI.L1-3.14.2:
✔ All workstations and servers have antivirus installed → Meets installation requirement.
✔ A centralized management console is in place → Ensures consistent enforcement.
✔ Records show antivirus signatures are up to date → Confirms system protection is current.
Because the evidence meets the requirement, the practice should be rated as MET.
Why Are the Other Answers Incorrect?
B. It is insufficient, and the audit finding can be rated NOT MET → Incorrect
The evidence provided meets all necessary requirements, so the practice should not be rated as NOT MET.
C. It is sufficient, and the Lead Assessor should seek more evidence → Incorrect
If adequate evidence already exists, additional evidence is unnecessary.
D. It is insufficient, and the Lead Assessor should seek more evidence → Incorrect
The evidence provided meets the control requirements, making it sufficient.
CMMC 2.0 References Supporting This Answer:
CMMC Assessment Process (CAP) Document
NIST SP 800-171 (Requirement 3.14.2)
Defines the standard for malicious code protection, which is met by antivirus with active updates.
CMMC 2.0 Level 1 (Foundational) Requirements
Clarifies that basic cybersecurity measures like antivirus installation and updates meet compliance for SI.L1-3.14.2.
Final Answer: ✔ A. It is sufficient, and the audit finding can be rated as MET.