SI.L1-3.14.5: System and File Scanning
CMMC Level 1 requires periodic scans of your entire information system plus real-time scanning of files from external sources as they're downloaded, opened, or executed. This dual-layer approach catches known threats before they compromise your network. Understanding and implementing this control is essential for meeting CMMC Level 1 compliance and protecting sensitive data.
What this means
This control mandates two complementary scanning strategies. Periodic system scans run on a defined schedule across all connected systems to detect malware, vulnerabilities, and policy violations. Real-time file scanning monitors external sources—email attachments, downloads, USB drives, cloud storage—and automatically scans files as they enter your environment. Together, these controls create a continuous defense against malicious code and known threats entering your network.
How to comply
- 1.Deploy antivirus and anti-malware software across all systems with regular signature updates.
- 2.Configure periodic full system scans on a documented schedule (daily, weekly, or monthly depending on risk).
- 3.Enable real-time file scanning on all external entry points including email gateways, web browsers, and file shares.
- 4.Establish automated quarantine procedures for detected threats and log all scan results.
- 5.Document your scanning policy including frequency, scope, tools used, and remediation procedures.
- 6.Review and test scanning effectiveness quarterly to ensure malware signatures remain current.
- 7.Ensure scanning tools run with appropriate permissions and cannot be disabled by users.
Evidence auditors look for
- Antivirus/anti-malware deployment and configuration documentation showing periodic scan schedules.
- Real-time scanning policy for email, downloads, USB devices, and cloud file access.
- Scan logs and reports from the past 90 days showing both periodic and real-time detections.
- Malware signature update logs confirming automatic or scheduled weekly updates.
- Incident response procedures documenting how quarantined files are investigated and handled.
- Asset inventory listing all systems with scanning capabilities enabled.
- Screenshots or configuration exports showing real-time scanning is enabled on external file sources.
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch automates real-time file scanning compliance tracking and maintains audit-ready logs of all periodic and real-time scans across your systems—eliminating manual log collection during CMMC assessments.
See how GRCWatch handles this control automatically
Start free trial