NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-3(3)Non-privileged Users

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Non-privileged users should not be able to disable or modify malicious code protection on their machines.

Example 1: Use GPO to lock down Microsoft Defender settings. Set "Turn off Microsoft Defender Antivirus" to "Not Configured" (meaning it stays on) and enable tamper protection so even local administrators cannot disable real-time protection.

Example 2: In your ESS/Trellix ePO policies, enable the self-protection feature and set a password for uninstalling or modifying the agent. Regular users cannot disable, uninstall, or change the antivirus configuration.

More System and Information Integrity Controls

SI-1 Policy and Procedures SI-2 Flaw Remediation SI-2(1) Central Management SI-2(2) Automated Flaw Remediation Status