Summary

The system must validate that the content of the files transferred to it is free of malicious code.

Description

This refers to a cybersecurity control that involves implementing mechanisms to regularly inspect files for the presence of malicious code or malware. This control is helps to identify and mitigate potential security threats, as malicious code can pose significant risks to the security of a system.

References

• CAPEC-17. Using malicious files
• CAPEC-23. File content injection
• CAPEC-165. File manipulation
• CAPEC-549. Local execution of code
• CIS-2_5. Allowlist authorized software
• CWE-509. Replicating malicious code (virus or worm)
• CWE-749. Exposed dangerous method or function
• NERCCIP-003-8_5_1. Transient cyber asset and removable media malicious code risk mitigation
• MITRE-M1016. Vulnerability scanning
• MITRE-M1049. Antivirus/antimalware
• SANS25-10. Unrestricted upload of file with dangerous type
• CMMC-MA_L2-3_7_4. Media inspection
• CMMC-RA_L2-3_11_2. Vulnerability scan
• CMMC-SI_L1-3_14_2. Malicious code protection
• CMMC-SI_L1-3_14_5. System & file scanning
• HITRUST-09_j. Controls against malicious code
• FEDRAMP-CA-2_2. Security assessment - Specialized assessments
• FEDRAMP-RA-5. Vulnerability scanning
• FEDRAMP-SI-3. Malicious code protection
• IEC62443-SI-3_2. Malicious code protection
• WASSEC-6_2_4_10. Command execution - Potential malicious file uploads
• OSSTMM3-11_3_1. Data networks security (active detection verification) - Filtering
• NISTSSDF-PS_3_1. Archive and protect each software release
• ISSAF-J_4. Network security - Anti-virus system (objective)
• ISSAF-Q_16_27. Host security - Windows security (DLL injection attack)
• OWASPSCP-12. File management
• ASVS-10_2_1. Malicious code search
• ASVS-10_2_6. Malicious code search
• CWE25-434. Unrestricted upload of file with dangerous type

Weaknesses

• 027. Insecure file upload
• 354. Insecure file upload - Files Limit
• 413. Insecure file upload - DLL Injection
• 424. Sideloaded