Apply deny-by-exception / permit-by-exception policy for software (allowlisting)
Configuration Management · NIST SP 800-171 Rev 2
Requirement
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
Discussion
The process used to identify software programs that are not authorized to execute on systems is commonly referred to as blacklisting. The process used to identify software programs that are authorized to execute on systems is commonly referred to as whitelisting. Whitelisting is the stronger of the two policies for restricting software program execution. In addition to whitelisting, organizations consider verifying the integrity of whitelisted software programs using, for example, cryptographic
How this affects your SPRS score
Under the DoD Assessment Methodology, a perfect SPRS score is 110. If this control is not met, 5 points is subtracted from your score.
Want your estimated SPRS score?
Answer 15 quick questions covering the highest-impact controls and get an instant estimate.
Estimate my SPRS score →Source: NIST SP 800-171 Rev 2 (public domain) · SPRS weighting per the DoD Assessment Methodology · This is reference information, not an official assessment.