GRCWatch
Sign inStart free trial

SOC 2 CC6.8: Malicious Software Prevention

CC6.8 requires your organization to actively prevent, detect, and respond to unauthorized or malicious software across all systems. This critical control protects your infrastructure, data, and customer trust while demonstrating security maturity to auditors and clients.

What this means

Malicious software prevention under CC6.8 means establishing a layered security strategy that stops threats before they enter your environment, identifies suspicious activity in real-time, and enables rapid response when incidents occur. Your controls must cover endpoint protection, network monitoring, email filtering, and vulnerability management across all company-owned and managed devices.

How to comply

  1. 1.Deploy endpoint detection and response (EDR) or antivirus software on all devices with real-time scanning and automatic quarantine capabilities
  2. 2.Implement email and web gateway filtering to block malicious links, attachments, and known malware signatures
  3. 3.Establish a patch management program that prioritizes security updates for operating systems, browsers, and third-party applications
  4. 4.Configure host-based firewalls and disable unnecessary network services and ports
  5. 5.Create and enforce a secure software development policy that includes code review and dependency scanning for custom applications
  6. 6.Monitor system logs and network traffic for indicators of compromise using SIEM tools or log aggregation
  7. 7.Conduct regular security awareness training emphasizing phishing recognition and safe browsing practices
  8. 8.Document all malware incidents, response actions, and remediation steps in a centralized incident log
  9. 9.Review antivirus/EDR logs and security alerts monthly to verify detection and removal effectiveness

Evidence auditors look for

  • Endpoint protection deployment reports showing coverage across 100% of company devices
  • Email gateway and web filter configuration screenshots with threat blocking rules enabled
  • Patch management inventory listing all systems, patch dates, and successful update confirmations
  • Antivirus/EDR console logs showing detection, quarantine, and remediation of malware samples
  • Firewall configuration backups with disabled ports and services documented
  • Incident response tickets demonstrating response to detected malware threats within SLA timeframes
  • Monthly security awareness training attendance records and phishing simulation results
  • Network intrusion detection system (IDS) alerts and investigated suspicious activities
  • Software bill of materials (SBOM) and vulnerability scan reports for custom development

Frequently asked questions

When will FAQs be available?

The FAQ for this control is currently being prepared.

GRCWatch automatically tracks malware prevention control implementation across your tech stack, centralizes evidence collection from antivirus logs and patch reports, and generates audit-ready documentation—eliminating manual compliance tracking for CC6.8.

See how GRCWatch handles this control automatically

Start free trial

Related controls

CC6.1 - Logical and Physical Access ControlsCC7.2 - System MonitoringCC7.3 - Monitoring Tools ConfigurationCC6.2 - Prior to issuing system credentials