SI-3(4): Updates Only by Privileged Users

CSF v1.1 References:


(Not part of any baseline)

Previous Version:

Control Statement

Update malicious code protection mechanisms only when directed by a privileged user.

Supplemental Guidance

Protection mechanisms for malicious code are typically categorized as security-related software and, as such, are only updated by organizational personnel with appropriate access privileges.