@Arantor said in Securing a SECURE system with antivirus:
> The whole point of airgapping a machine is ... you're concerned about infiltration of badware (hence the antivirus)...

This is often a secondary concern. The antivirus software is often there to tick off a box on the STIG.

> ...you're also probably concerned about exfiltration of sensitive data.

Yes. Exactly this.

> The fact that you can plug a USB stick in means that whatever protection against exfiltration you have is now essentially useless.
> So, remind me what problem this airgap is supposed to solve again?

If the USB transfer device is not reused on the unclassified network, then the airgap is working as intended. Data from the classified network can't leak out. If the USB device is reused on the unclassified network, then I don't see why this facility passed its security audits. Maybe it was a Government facility, rather than a contractor's facility?