SI-3(4): Updates Only By Privileged Users

CSF v1.1 References:


(Not part of any baseline)

Next Version:

Control Statement

The information system updates malicious code protection mechanisms only when directed by a privileged user.

Supplemental Guidance

This control enhancement may be appropriate for situations where for reasons of security or operational continuity, updates are only applied when selected/approved by designated organizational personnel.