System and information integrity policy

The system and information integrity protection policy establishes rules around information system monitoring, updating, patching, scanning, and remediating. The purpose of these activities is to ensure that information system-critical IT hygiene components are functioning and well maintained.

What the system and information integrity policy should address:

• Identifying, reporting, and correcting information and information system flaws in a timely manner
• Providing protection from malicious code at appropriate locations within organizational information systems
• Monitoring information system security alerts and advisories and taking appropriate actions in response
• Updating malicious code protection mechanisms when new releases are available
• Performing periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed
• Monitoring the information system including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks
• Identifying unauthorized use of the information system