NIST SP 800-171 & CMMC 2.0 3.7.4 Requirement:

Check media containing diagnostic and test programs for malicious code before the media are used in organizational systems.

NIST SP 800-171 & CMMC 2.0 3.7.4 Requirement Explanation:

As part of troubleshooting, a vendor may provide a diagnostic application to install on a system. Because this is executable code, there is a chance that the file is corrupt or infected with malicious code. These applications can be provided on media such as thumb drives or sent electronically. Even if a diagnostic tool is not on removable media, you still need to scan it before using it on your systems.

Example NIST SP 800-171 & CMMC 2.0 3.7.4 Implementation:

If a third party provides you with a thumb drive or software file for diagnostic or test purposes, scan it for malware before using it on your systems. If the scan passes, you may use the diagnostic software on your systems. Examples of diagnostic tools include the Intel Processor Diagnostic tool and the Dell Embedded Hardware Diagnostics tool.

NIST SP 800-171 & CMMC 2.0 3.7.4 Scenario(s):

- Scenario 1:

One of your servers is experiencing issues. You contact the vendor for support. The vendor sends you a diagnostic tool to run on the server. In accordance with your security policy, you scan the tool using virustotal.com to determine whether the file is malicious. The scan comes back clean, so you run it on the server.
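Added example (not from the original page or any vendor's own tooling): a Python pre-use check for the implementation and scenario above. It walks a mounted media directory, hashes every file with SHA-256, flags executables by their leading bytes, and compares each hash against a manifest of vendor-published digests, returning an accept/reject record you can keep as evidence that the check was done. It complements the malware scan the page calls for rather than replacing it; the manifest format and the assumption that the vendor publishes hashes out of band are illustrative.

```python
import hashlib
import os
from datetime import datetime, timezone

# Leading bytes of native executables: Windows PE, ELF, 64-bit Mach-O (both byte orders).
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe", b"\xfe\xed\xfa\xcf")


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large vendor images are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def is_executable(path):
    """Cheap magic-byte test that flags the files most in need of a malware scan."""
    with open(path, "rb") as f:
        return f.read(4).startswith(EXECUTABLE_MAGIC)


def verdict(digest, expected, executable):
    """Status for one file: its hash, the vendor-published hash (or None) and whether it is executable."""
    if expected is None:
        return "reject-unlisted-executable" if executable else "note-unlisted"
    if expected.lower() == digest:
        return "ok"
    return "reject-hash-mismatch"


def check_media(media_root, manifest):
    """Walk the mounted media and return an evidence record with an overall verdict.

    manifest maps a media-relative path to the SHA-256 the vendor published
    (assumed obtained out of band). Any 'reject' status blocks use of the media;
    unlisted non-executables are only noted.
    """
    findings = []
    for dirpath, _, names in os.walk(media_root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, media_root).replace(os.sep, "/")
            digest, exe = sha256_file(full), is_executable(full)
            findings.append({"path": rel, "sha256": digest, "executable": exe,
                             "status": verdict(digest, manifest.get(rel), exe)})
    approved = not any(f["status"].startswith("reject") for f in findings)
    return {"checked_at": datetime.now(timezone.utc).isoformat(),
            "media": media_root, "approved": approved, "findings": findings}
```

Run `check_media("/path/to/mounted/media", manifest)` after mounting the vendor's drive read-only and store the returned record alongside the antivirus scan result.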