
3.4 CONFIGURATION MANAGEMENT

3.4.8 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software

NIST 800-171 control 3.4.8 helps secure systems by restricting software execution. You can choose blacklisting to block unauthorized software, or whitelisting to only allow approved programs. This improves security and accountability by making admins track authorized software. In short, it reduces the risk of malicious programs by allowing only trusted software to run.



By wnoble2005@gmail.com (William Noble) 📅 2024-03-01



The process used to identify software programs that are not authorized to execute on systems is commonly referred to as blacklisting. The process used to identify software programs that are authorized to execute on systems is commonly referred to as whitelisting. Whitelisting is the stronger of the two policies for restricting software program execution. In addition to whitelisting, organizations consider verifying the integrity of whitelisted software programs using, for example, cryptographic checksums, digital signatures, or hash functions. Verification of whitelisted software can occur either prior to execution or at system startup. [SP 800-167] provides guidance on application whitelisting.

Benefits:

Enhanced Security: By limiting software execution, you reduce the risk of malware infections and unauthorized code running on your systems. This improves your overall security posture.

Stronger Control: You gain better control over system resources and data integrity. Only authorized applications can access and manipulate data, reducing the risk of unintended breaches.



Accountability:

Senior Management: Sets the overall security policy direction, allocates resources for implementing software control measures (blacklisting or whitelisting), and ensures compliance with regulations.

IT Security Team: Develops and implements the chosen software control policy (blacklisting or whitelisting). They maintain the lists, update them regularly, and monitor for unauthorized software attempts.

System Owners: Identify the authorized software required for their specific systems and work with the IT security team to ensure it's included in the whitelist or excluded from the blacklist.

Individual Users: Abide by the established software control policy. They should avoid installing or using unauthorized software and report any suspicious software attempts to IT security.

Implementation:

Blacklisting: You'll need to define unauthorized applications and configure your system to block them. Firewalls and anti-virus software often have built-in blacklisting features.

Whitelisting: Here, you define authorized applications and configure your system to only allow those programs to run. Endpoint management and application control tools can be helpful for whitelisting.
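The two policies, and the hash-based integrity check described in the discussion above, can be compared as decision logic. This is an added example, not code from the original page or from NIST; the function names, file names and decision strings are assumptions, the sample files are constructed, and real enforcement is done by application control tooling rather than a script.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def blacklist_decision(path, denied_hashes):
    """Deny-by-exception: anything not explicitly listed is allowed to run."""
    return "deny:listed" if sha256_file(path) in denied_hashes else "allow"

def whitelist_decision(path, allowed):
    """Deny-all, permit-by-exception, with an integrity check before execution."""
    expected = allowed.get(str(Path(path).resolve()))
    if expected is None:
        return "deny:not-listed"          # never approved
    if not hmac.compare_digest(expected, sha256_file(path)):
        return "deny:hash-mismatch"       # approved path, contents changed
    return "allow"

def demo():
    """Evaluate both policies over constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {}
        for name in ("approved_tool", "banned_tool", "unknown_tool"):
            files[name] = Path(tmp, name)
            files[name].write_bytes(f"#!/bin/sh\necho {name}\n".encode())
        approved = files["approved_tool"]
        allowed = {str(approved.resolve()): sha256_file(approved)}
        denied = {sha256_file(files["banned_tool"])}
        results = {
            "whitelist_approved": whitelist_decision(approved, allowed),
            "whitelist_unknown": whitelist_decision(files["unknown_tool"], allowed),
            "blacklist_unknown": blacklist_decision(files["unknown_tool"], denied),
            "blacklist_banned": blacklist_decision(files["banned_tool"], denied),
        }
        # Contents change after approval: the recorded hash no longer matches.
        approved.write_bytes(b"#!/bin/sh\necho modified\n")
        results["whitelist_modified"] = whitelist_decision(approved, allowed)
        return results

if __name__ == "__main__":
    print(demo())
```

The same unlisted file is allowed under the blacklist and denied under the whitelist, which is why the whitelist is the stronger policy; the hash mismatch case is the integrity verification catching a change to an already approved program.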



Category: Cybersecurity Maturity Model
Family: Configuration Management (AC 3.4)
Type: Derived Security Requirements