CMMCDocs.comHome / Glossary / SI.L2-3.14.2
SI.L2-3.14.2
Also known as: Malicious code protection requirement
The NIST SP 800-171 requirement that mandates the contractor provide protection from malicious code at appropriate locations within in-scope systems.
SI.L2-3.14.2 requires the contractor to 'provide protection from malicious code at designated locations within organizational systems.' In practice, this means deploying anti-malware or endpoint detection and response (EDR) tooling on every in-scope endpoint and server, plus mail and web gateway protection where appropriate.
Modern EDR platforms (CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, etc.) cover this requirement and several others (SI.L2-3.14.3, SI.L2-3.14.4, SI.L2-3.14.5) at the same time.
A C3PAO will verify EDR coverage on every in-scope endpoint, sample the alert response workflow, and verify that signatures or behavioral models are kept current.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account