What does SI.L2-3.14.5 emphasize about scanning systems and files?

The correct answer emphasizes the importance of conducting periodic and real-time scans for malicious code. This practice is crucial for maintaining the integrity and security of information systems within an organization. Regular scanning helps in early detection of potential threats and vulnerabilities, ensuring that malicious software is identified and addressed promptly to prevent any damage or data breaches.

Implementing both periodic and real-time scans creates multiple layers of defense, allowing organizations to not only react to current threats but also to anticipate and mitigate future risks. This proactive approach to cybersecurity is a key component of effective risk management and supports the overall goal of safeguarding sensitive information.

The other options do not align with the practices outlined in the CMMC framework. For instance, requiring manual reviews for all files would be inefficient and impractical in most scenarios, especially given the volume of files that organizations handle. Avoiding scans during business hours could leave systems vulnerable during peak operational times. Lastly, limiting scans to only external files ignores the necessity of scanning internal files, which can also harbor threats.