SI-3(4)—Updates Only By Privileged Users
>Control Description
Update malicious code protection mechanisms only when directed by a privileged user.
>Supplemental Guidance
Protection mechanisms for malicious code are typically categorized as security-related software and, as such, are only updated by organizational personnel with appropriate access privileges.
>Related Controls
>Assessment Interview Topics
Questions assessors commonly ask
Process & Governance:
- •What policies and procedures govern updates only by privileged users?
- •Who is responsible for monitoring system and information integrity?
- •How frequently are integrity monitoring processes reviewed and updated?
- •What is your patch management process and timeline?
Technical Implementation:
- •What technical controls detect and respond to updates only by privileged users issues?
- •How are integrity violations identified and reported?
- •What automated tools support system and information integrity monitoring?
- •What anti-malware solutions are deployed and how are they configured?
- •How do you ensure timely installation of security-relevant patches?
Evidence & Documentation:
- •Can you provide recent integrity monitoring reports or alerts?
- •What logs demonstrate that SI-3(4) is actively implemented?
- •Where is evidence of integrity monitoring maintained and for how long?
- •Can you show recent malware detection reports and response actions?
- •Can you show recent patch installation records?
Ask AI
Configure your API key to use AI features.