3.4.8 Apply Deny-by-Exception (Blacklisting) or Permit-by-Exception (Whitelisting) Policies

3.4.8 Apply deny-by-exception (blacklist) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.

To go back to the NIST 800-171 Controls page click here.

Guides

• NIST SP 800-167 – Guide to Application Whitelisting
• US-Cert – Application Whitelisting Strategic Planning Guide

Example Tools

• CarbonBlack Protection
• Crowd Strike Falcon
• Windows AppLocker

Additional Lessons Learned

• National Security Agency – Application Whitelisting Best Practices

Vendor Documentation

• Kaspersky – The Wonders of Whitelisting (as Opposed to Blacklisting)
• SANS Institute – A New World of Endpoint Security