Requirement

Malware protection

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Malware protection
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Malware protection
No items found.
Technical cyber security
Best practices
How to implement:
Malware protection
This policy on
Malware protection
provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.
Read below what concrete actions you can take to improve this ->
Technical cyber security
Malware protection
Frameworks that include requirements for this topic:
Lov om digital sikkerhet (Norge)
Cybersikkerhedsloven (Danmark)
Avviż Legali 71 tal-2025 (Malta)
Закон за прилагане на NIS2 (България)
Ley de Ciberseguridad (España)
Ordonanța de Urgență a Guvernului nr. 155/2024 (România)

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Malware protection
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Selection and use of malware detection software on all devices
Critical
High
Normal
Low
47
requirements
Technical cyber security
Malware protection

Selection and use of malware detection software on all devices

This task helps you comply with the following requirements

Članak 30.1.b (logs): Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanjeNIS2 Croatia
9.9a §: Poikkeamien havainnointiKyberturvallisuuslaki
5.2.3: Malware protectionTISAX
30 § 3.2° (détection et journaux): La gestion des incidentsNIS2 Belgium
3.1.3: Use automated and centralised tools to handle known threatsNSM ICT-SP
DE.CM-4: Malicious code is detected.CyberFundamentals
PR.PT-4: Communications and control networks are protected. Web and e-mail filters shall be installed and used.CyberFundamentals
14.5.3.b): žurnalai ir aptikimasNIS2 Lithuania
Article 10: DetectionDORA
DE.CM-4: Malicious code detectionNIST
Defining requirements for malware protection
Critical
High
Normal
Low
3
requirements
Technical cyber security
Malware protection

Defining requirements for malware protection

This task helps you comply with the following requirements

5.2.3: Malware protectionTISAX
Dissemination of security updates
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Dissemination of security updates

This task helps you comply with the following requirements

Vuln.8: Obligation to provide security updatesCRA
Publicly disclosing information about fixed vulnerabilities
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Publicly disclosing information about fixed vulnerabilities

This task helps you comply with the following requirements

Vuln.4: Disclosing information about fixed vulnerabilitiesCRA
Process for deleting data from products
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Process for deleting data from products

This task helps you comply with the following requirements

Article 13.1(.2.m): Removing dataCRA
Product security testing
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Product security testing

This task helps you comply with the following requirements

Vuln.3: Effective and regular testingCRA
Listing essential cybersecurity requirements, related to the product and cyber security processes
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Listing essential cybersecurity requirements, related to the product and cyber security processes

This task helps you comply with the following requirements

Article 13.12: Technical documentationCRA
Unauthorized access to digital products is prevented
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Unauthorized access to digital products is prevented

This task helps you comply with the following requirements

Article 13.1(.2.d): Protection from unauthorised accessCRA
Enabling features of anti-exploitation
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Enabling features of anti-exploitation

This task helps you comply with the following requirements

10.5: Enable Anti-Exploitation FeaturesCIS 18
Configuring automatic anti-malware scanning of removable media
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Configuring automatic anti-malware scanning of removable media

This task helps you comply with the following requirements

10.4: Configure Automatic Anti-Malware Scanning of Removable MediaCIS 18
Creating an allowlist for approved libraries
Critical
High
Normal
Low
2
requirements
Technical cyber security
Malware protection

Creating an allowlist for approved libraries

This task helps you comply with the following requirements

2.6: Allowlist Authorized LibrariesCIS 18
16.5: Use Up-to-Date and Trusted Third-Party Software ComponentsCIS 18
Establish a allowlist for approved scripts
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Establish a allowlist for approved scripts

This task helps you comply with the following requirements

2.7: Allowlist Authorized ScriptsCIS 18
Automatic blocking and detecting of unauthorized hardware
Critical
High
Normal
Low
2
requirements
Technical cyber security
Malware protection

Automatic blocking and detecting of unauthorized hardware

This task helps you comply with the following requirements

ID.AM-1: Physical devices and systems used within the organization are inventoried.CyberFundamentals
Protection of programs in the data processing environment from network attacks
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Protection of programs in the data processing environment from network attacks

This task helps you comply with the following requirements

I-13: MONITASOINEN SUOJAAMINEN KOKO ELINKAAREN AJAN – OHJELMISTOJEN SUOJAAMINEN VERKKOHYÖKKÄYKSILTÄKatakri 2020
Detecting and blocking access to dangerous websites
Critical
High
Normal
Low
7
requirements
Technical cyber security
Malware protection

Detecting and blocking access to dangerous websites

This task helps you comply with the following requirements

12.2.1: Controls against malwareISO 27001
12.2: Protection from malwareISO 27001
8.7: Protection against malwareISO 27001
8.23: Web filteringISO 27001
CC6.8: Detection and prevention of unauthorized or malicious softwareSOC 2
DE.CM-4: Malicious code is detected.CyberFundamentals
Regular malware inspection of data systems supporting critical business processes
Critical
High
Normal
Low
32
requirements
Technical cyber security
Malware protection

Regular malware inspection of data systems supporting critical business processes

This task helps you comply with the following requirements

Članak 30.1.b (logs): Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanjeNIS2 Croatia
9.9a §: Poikkeamien havainnointiKyberturvallisuuslaki
30 § 3.2° (détection et journaux): La gestion des incidentsNIS2 Belgium
PR.DS-6: Integrity checking mechanisms are used to verify software, firmware, and information integrity.CyberFundamentals
DE.CM-4: Malicious code is detected.CyberFundamentals
14.5.3.b): žurnalai ir aptikimasNIS2 Lithuania
DE.CM-4: Malicious code detectionNIST
PR.DS-6: Integrity checkingNIST
27.(b).2 (eģistrēšana un atklāšana): Incidentu pārvaldība, reģistrēšana un atklāšanaNIS2 Latvia
Article 34: ICT operations securityDORA simplified RMF
Procedures and data sources for gathering reliable information about malware
Critical
High
Normal
Low
7
requirements
Technical cyber security
Malware protection

Procedures and data sources for gathering reliable information about malware

This task helps you comply with the following requirements

12.2.1: Controls against malwareISO 27001
12.2: Protection from malwareISO 27001
ID.RA-2: Cyber threat intelligenceNIST
8.7: Protection against malwareISO 27001
ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources.CyberFundamentals
ID.RA-02: Cyber threat intelligence from forums and sourcesNIST 2.0
DE.AE-07: Information from cyber threat intelligence and other contextual informationNIST 2.0
Laitteiden liityntöjen rajoittaminen (ST III-II)
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Laitteiden liityntöjen rajoittaminen (ST III-II)

This task helps you comply with the following requirements

I09: HaittaohjelmasuojausKatakri
Disabling auto-run of software
Critical
High
Normal
Low
2
requirements
Technical cyber security
Malware protection

Disabling auto-run of software

This task helps you comply with the following requirements

SEC-04: Disabling auto-run of softwareCyber Essentials
10.3: Disable Autorun and Autoplay for Removable MediaCIS 18
Automatic file scan by malware protection software
Critical
High
Normal
Low
3
requirements
Technical cyber security
Malware protection

Automatic file scan by malware protection software

This task helps you comply with the following requirements

MWP-02: Automatic file scan by anti-malware softwareCyber Essentials
3.1.3: Use automated and centralised tools to handle known threatsNSM ICT-SP
10.1: Deploy and Maintain Anti-Malware SoftwareCIS 18
Automatic website scan by malware protection software
Critical
High
Normal
Low
2
requirements
Technical cyber security
Malware protection

Automatic website scan by malware protection software

This task helps you comply with the following requirements

MWP-03: Automatic website scan by anti-malware softwareCyber Essentials
10.1: Deploy and Maintain Anti-Malware SoftwareCIS 18
Blacklisting
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Blacklisting

This task helps you comply with the following requirements

MWP-04: Blocking connections to malicious websitesCyber Essentials
Whitelisting
Critical
High
Normal
Low
9
requirements
Technical cyber security
Malware protection

Whitelisting

This task helps you comply with the following requirements

MWP-05: WhitelistingCyber Essentials
MWP: Application allow listingCyber Essentials
1.2.2: Establish organisational guidelines for approved devices and softwareNSM ICT-SP
1.2.4: Identify the software in use at the organisationNSM ICT-SP
2.3.2: Configure clients so that only software known to the organisation is able to executeNSM ICT-SP
2.8.4: Only permit organisation-approved pluginsNSM ICT-SP
9.4: Restrict Unnecessary or Unauthorized Browser and Email Client ExtensionsCIS 18
2.5: Allowlist Authorized SoftwareCIS 18
Haittaohjelmasuojaus tietojärjestelmissä (TL IV)
Critical
High
Normal
Low
2
requirements
Technical cyber security
Malware protection

Haittaohjelmasuojaus tietojärjestelmissä (TL IV)

This task helps you comply with the following requirements

TEK-11.1: Haittaohjelmilta suojautuminenJulkri
I-09: MONITASOINEN SUOJAAMINEN – HAITTAOHJELMASUOJAUSKatakri 2020
Haittaohjelmasuojaus julkisista verkoista eristetyissä järjestelmissä (TL III)
Critical
High
Normal
Low
2
requirements
Technical cyber security
Malware protection

Haittaohjelmasuojaus julkisista verkoista eristetyissä järjestelmissä (TL III)

This task helps you comply with the following requirements

TEK-11.2: Haittaohjelmilta suojautuminen - TL IIIJulkri
I-09: MONITASOINEN SUOJAAMINEN – HAITTAOHJELMASUOJAUSKatakri 2020
Minimize the risk posed by the software that accompanies documents
Critical
High
Normal
Low
1
requirements
Technical cyber security
Malware protection

Minimize the risk posed by the software that accompanies documents

This task helps you comply with the following requirements

2.3.2: Configure clients so that only software known to the organisation is able to executeNSM ICT-SP
Detecting unconfirmed mobile apps
Critical
High
Normal
Low
5
requirements
Technical cyber security
Malware protection

Detecting unconfirmed mobile apps

This task helps you comply with the following requirements

12.2.1: Controls against malwareISO 27001
12.2: Protection from malwareISO 27001
SEC-03: Removing unnecessary software and network servicesCyber Essentials
DE.CM-5: Unauthorized mobile code is detected.CyberFundamentals
2.3.2: Configure clients so that only software known to the organisation is able to executeNSM ICT-SP
Use malware systems from multiple vendors
Critical
High
Normal
Low
4
requirements
Technical cyber security
Malware protection

Use malware systems from multiple vendors

This task helps you comply with the following requirements

12.2.1: Controls against malwareISO 27001
12.2: Protection from malwareISO 27001
DE.CM-4: Malicious code detectionNIST
DE.CM-4: Malicious code is detected.CyberFundamentals
Automatic blocking and detecting of unauthorized software
Critical
High
Normal
Low
17
requirements
Technical cyber security
Malware protection

Automatic blocking and detecting of unauthorized software

This task helps you comply with the following requirements

12.2.1: Controls against malwareISO 27001
12.2: Protection from malwareISO 27001
DE.CM-5: Unauthorized mobile code detectionNIST
8.7: Protection against malwareISO 27001
5.2.3: Malware protectionTISAX
ID.AM-2: Software platforms and applications used within the organization are inventoried.CyberFundamentals
PR.PT-3: The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.CyberFundamentals
2.1.4: Reduce the risk of targeted manipulation of ICT products in the supply chainNSM ICT-SP
2.3.2: Configure clients so that only software known to the organisation is able to executeNSM ICT-SP
2.8.4: Only permit organisation-approved pluginsNSM ICT-SP
Informing staff about new, relevant malware
Critical
High
Normal
Low
5
requirements
Technical cyber security
Malware protection

Informing staff about new, relevant malware

This task helps you comply with the following requirements

7.2.2: Information security awareness, education and trainingISO 27001
12.2.1: Controls against malwareISO 27001
12.2: Protection from malwareISO 27001
WORKFORCE-2: Increase Cybersecurity AwarenessC2M2
2.1.3: Staff trainingTISAX
Instructing and training staff regarding malware
Critical
High
Normal
Low
31
requirements
Technical cyber security
Malware protection

Instructing and training staff regarding malware

This task helps you comply with the following requirements

Članak 30.1.b (logs): Postupanje s incidentima, uključujući njihovo praćenje, evidentiranje i prijavljivanjeNIS2 Croatia
9.9a §: Poikkeamien havainnointiKyberturvallisuuslaki
5.2.3: Malware protectionTISAX
30 § 3.2° (détection et journaux): La gestion des incidentsNIS2 Belgium
14.5.3.b): žurnalai ir aptikimasNIS2 Lithuania
I-09: MONITASOINEN SUOJAAMINEN – HAITTAOHJELMASUOJAUSKatakri 2020
27.(b).2 (eģistrēšana un atklāšana): Incidentu pārvaldība, reģistrēšana un atklāšanaNIS2 Latvia
Art. 24.2.b.2: Gestione degli incidenti (Registrazione e rilevamento)NIS2 Italy
46: Haittalohjelmien torjuntaDigiturvan kokonaiskuvapalvelu
TEK-11: Haittaohjelmilta suojautuminenJulkri
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Malware protection
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security