R3 - Malicious Code Prevention

The R3 requirement under NERC CIP Standard 007 mandates that registered entities develop and enforce a documented malicious code prevention program, including anti-virus controls, regular updates, and procedures for detection, containment, and removal of malware across all critical cyber assets. It also calls for periodic testing, monitoring of compliance, and training of personnel to ensure effective protection against malicious software.