NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-3(2)Automatic Updates

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Practitioner Notes

Ensure antimalware definitions and signatures update automatically — your protection is only as good as your latest definitions.

Example 1: Configure Microsoft Defender to receive definition updates from Microsoft Update, WSUS, or a file share. Set the update frequency to at least every 4 hours via GPO. Monitor update status in the Defender portal and alert on machines with definitions older than 48 hours.

Example 2: Configure ESS/Trellix ePO to push DAT file updates automatically as soon as they are available. Set the update check interval to 1 hour. Machines that miss updates are flagged in the ePO compliance dashboard for follow-up.

More System and Information Integrity Controls

SI-1 Policy and Procedures SI-2 Flaw Remediation SI-2(1) Central Management SI-2(2) Automated Flaw Remediation Status