CFG-03.3 ยท Explicitly Allow / Deny Applications

Control Description

Mechanisms exist to explicitly allow (allowlist / whitelist) and/or block (denylist / blacklist) applications that are authorized to execute on systems.

Control Question
Assessment question for control validation

Does the organization explicitly allow (allowlist / whitelist) and/or block (denylist / blacklist) applications that are authorized to execute on systems?

Control Weighting
5
Validation Cadence
Annual
NIST CSF Function
Protect
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: CFG-03.3
ESP Level 2: CFG-03.3
ESP Level 3: CFG-03.3