Navigate

SI-3(4)

SI-3(4): Updates Only by Privileged Users

Update malicious code protection mechanisms only when directed by a privileged user.

Supplemental

Protection mechanisms for malicious code are typically categorized as security-related software and, as such, are only updated by organizational personnel with appropriate access privileges.

CIA Levels
Confidentiality	unknown
Integrity	unknown
Availability	unknown

Overlays
CDS - Access, CDS - Multilevel, CDS - Transfer

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-3(4).

Control	Description
CM-5	Define, document, approve, and enforce physical and logical access restrictions associated with changes to the system.

Enhancements

The controls below (if any) add on to the requirements of SI-3(4).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-3(4).

CCI	Definition
CCI-001249	Update malicious code protection mechanisms only when directed by a privileged user.