SI-3(4)—Updates Only By Privileged Users
>Control Description
Update malicious code protection mechanisms only when directed by a privileged user.
>Supplemental Guidance
Protection mechanisms for malicious code are typically categorized as security-related software and, as such, are only updated by organizational personnel with appropriate access privileges.