diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9ef2879f1e..e1cea07c60 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -22,8 +22,7 @@ The types of changes are:
 - Added keepalive settings to the Redshift integration [#5433](https://github.com/ethyca/fides/pull/5433)
 
 ### Changed
-- Add an environment variable that must be true to enable the Access request download feature [#5451](https://github.com/ethyca/fides/pull/5451)
-
+- Added a security setting that must be set to true to enable the access request download feature [#5451](https://github.com/ethyca/fides/pull/5451)
 
 ### Developer Experience
 - Added Carbon Icons to FidesUI [#5416](https://github.com/ethyca/fides/pull/5416)
diff --git a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
index 694ad3e333..38e1a83e7f 100644
--- a/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
+++ b/src/fides/api/api/v1/endpoints/privacy_request_endpoints.py
@@ -2594,7 +2594,7 @@ def get_access_results_urls(
     """
     if not CONFIG.security.subject_request_download_ui_enabled:
         raise HTTPException(
-            status_code=HTTP_404_NOT_FOUND,
+            status_code=HTTP_403_FORBIDDEN,
             detail="Access results download is disabled.",
         )
     privacy_request: PrivacyRequest = get_privacy_request_or_error(
diff --git a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
index 34f79a13ae..fb6df17975 100644
--- a/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
+++ b/tests/ops/api/v1/endpoints/test_privacy_request_endpoints.py
@@ -8277,4 +8277,4 @@ def test_get_access_results_contributor_but_disabled(
             contributor_user, roles=contributor_user.permissions.roles
         )
         response = api_client.get(url, headers=auth_header)
-        assert response.status_code == 404
+        assert response.status_code == 403