CIS Control 10.1: Deploy and Maintain Anti-Malware Software
Anti-malware deployment is a foundational security control that stops threats before they compromise your systems. CIS 10.1 requires organizations to maintain anti-malware solutions across all enterprise assets—a non-negotiable baseline for any compliance program. Without comprehensive coverage, you're leaving critical vulnerabilities exposed to commodity and sophisticated attacks.
What this means
CIS Control 10.1 mandates that organizations deploy anti-malware software on every endpoint, server, and networked device within the enterprise. This includes maintaining current definitions, enabling real-time scanning, and ensuring the solution covers all asset types across on-premises and cloud environments. The control extends beyond installation to active maintenance—updates, tuning, and monitoring for detection events.
How to comply
- 1.Inventory all enterprise assets and identify which require anti-malware protection
- 2.Select anti-malware solutions that meet your environment requirements (Windows, macOS, Linux, mobile)
- 3.Deploy anti-malware across all in-scope assets using centralized management tools
- 4.Configure real-time scanning and automatic definition updates for all endpoints
- 5.Establish monitoring and alerting for malware detection events and remediation
- 6.Document anti-malware deployment status and maintain audit logs of installations and updates
- 7.Review and test anti-malware effectiveness quarterly through controlled scanning
Evidence auditors look for
- Anti-malware deployment inventory showing all assets with installation status and version numbers
- Centralized management console reports demonstrating real-time protection and definition currency
- Event logs capturing malware detections, quarantines, and automated remediation actions
- Policy documentation defining anti-malware requirements and coverage standards
- Update logs proving automatic definition and software updates across the deployment
- Endpoint compliance reports showing 100% coverage against the asset inventory
- Incident response records demonstrating handling of malware alerts and escalations
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch automatically discovers all enterprise assets, verifies anti-malware deployment status in real-time, and flags coverage gaps—so you maintain 100% compliance without manual spreadsheet updates.
See how GRCWatch handles this control automatically
Start free trial