SOC 2 Common Criteria 6.8 Unauthorized and Malicious Code Protection

The SOC 2 Audit Reports provide documentation to help demonstrate compliance with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). The SOC 2 CC6.8 Unauthorized and Malicious Code Protection report describes how to access File Integrity Monitoring (FIM) and endpoint protection features in the Alert Logic console that help you demonstrate compliance with Common Criteria (CC) 6.8.

To access the SOC 2 CC6.8 Unauthorized and Malicious Code Protection report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under SOC 2 Audit, click VIEW.
  4. Click SOC 2 CC6.8 Unauthorized and Malicious Code Protection.

The report summary page displays two columns. Points of Focus lists points of focus, specifically related to all engagements using the trust services criteria, that highlight important characteristics relating to CC6.8. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that can demonstrate compliance with each point of focus.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available Documentation and Artifacts

This report provides access to your monitored software and configuration file paths, changes to monitored software and configuration files, endpoint protection statuses, and endpoint protection events that help you demonstrate compliance with CC6.8. This criterion requires that the entity implements controls to prevent or detect and act upon the introduction of unauthorized or malicious software to meet the entity’s objectives.

Restricts Application and Software Installation

The Restricts Application and Software Installation point of focus requires you to demonstrate that the ability to install applications and software is restricted to authorized individuals.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Detects Unauthorized Changes to Software and Configuration Parameters

The Detects Unauthorized Changes to Software and Configuration Parameters point of focus requires you to demonstrate that processes are in place to detect changes to software and configuration parameters that may be indicative of unauthorized or malicious software.

This section provides you with a link for quick access to the Get Started with Alert Logic Deployments page in the Alert Logic console where you can view the FIM section for configured monitoring software and file paths in a specific deployment. You can use this information to demonstrate that processes are in place to detect changes to software and configuration parameters.

This section also provides you with a link for quick access to the File Integrity Monitoring Dashboard in the Alert Logic console, where you can view or export changes to your monitored software and configuration files. You can use this information to demonstrate that processes are in place to detect changes to software and configuration parameters.

Uses a Defined Change Control Process

The Uses a Defined Change Control Process point of focus requires you to demonstrate that a management-defined change control process is used for the implementation of software.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.

Uses Antivirus and Anti-Malware Software

The Uses Antivirus and Anti-Malware Software point of focus requires you to demonstrate that antivirus and anti-malware software is implemented and maintained to provide for the interception or detection and remediation of malware.

This section provides you with a link for quick access to the Get Started with Alert Logic Extended Endpoint Protection page, where you can review the protection status, software version status, and last check-in time for Windows and macOS endpoints in your environment. You can use this information to demonstrate that you have antivirus and anti-malware software implemented and maintained.

This section also provides you with a link for quick access to the Get Started with Alert Logic Extended Endpoint Protection page, where you can review malware attacks detected in your environment and the action taken in response to quarantine and override malicious files or isolate vulnerable endpoints. You can use this information to confirm you have antivirus and anti-malware software implemented.

Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software

The Scans Information Assets from Outside the Entity for Malware and Other Unauthorized Software point of focus requires you to demonstrate that procedures are in place to scan information assets that have been transferred or returned to the entity’s custody for malware and other unauthorized software and to remove any items detected prior to its implementation on the network.

Alert Logic does not provide data for this point of focus. You must provide the policy and procedure documents for this audit.