What is NIST 800-171 Control 3.14.5?
This control ensures two types of scanning:
1. Periodic system scans – Regular full or targeted scans of organizational systems to detect malware or anomalies.
2. Real-time scanning – Continuous monitoring of files from external sources as they are introduced or executed.
These scans are essential for early detection of malicious code or unauthorized modifications to systems and files.
Why It Matters
Threats can enter your network in many ways:
• Email attachments
• Internet downloads
• Portable media
• Insider actions
Without real-time and periodic scanning, malicious files can remain undetected until damage is done.
How to Implement It
• Use endpoint protection tools that support both:
◦ On-access (real-time) scanning
◦ Scheduled full and partial scans
• Configure real-time scanning for:
◦ Incoming emails
◦ Web downloads
◦ Plugged-in USB devices
• Set up alerts for malware detections or scan failures
• Review logs and reports regularly
• Include scan results in security incident analysis and remediation plans
Common Mistakes
• Only running scheduled scans without real-time protection
• Skipping scans on “low-risk” systems like print servers or test environments
• Failing to monitor or respond to scan results
How Cuick Trac Helps
Cuick Trac supports this control by:
• Integrating real-time malware detection and scheduled scanning into its secure enclave
• Preventing file execution from untrusted sources without scanning
• Providing alerts, logs, and reports for malware-related events
• Offering guidance for managing external file scanning policies on external systems
With Cuick Trac, file activity is monitored in real time—before anything malicious can take hold.
Final CTA
Scanning isn’t optional—it’s how you catch what your users and firewalls might miss.
Schedule a Cuick Trac demo and close the gap between file entry and file protection.