NIST SP 800-171 & CMMC 2.0 Control 3.4.8 Requirement:
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.
NIST SP 800-171 & CMMC 2.0 3.4.8 Requirement Explanation:
By restricting the software that can be installed and run on your systems you reduce the risk of malicious software from running. A software whitelisting policy provides more security than a black list. Whitelists are also easier to maintain.
Example NIST SP 800-171 & CMMC 2.0 3.4.8 Implementation:
You need to enforce either a software blacklist or whitelist policy on your systems. Blacklist (deny-by-exception) option: Create a list of software that is not allowed on your systems. Enforce this list on your systems to prevent users from running or installing black listed software. You might be able to use the anti-virus software installed on your system to enforce your blacklist. Whitelist (deny-all, permit-by-exception) option: Create a list of software this allowed on your systems. Enforce this list to prevent users from running and installing unauthorized software. You might be able to use the anti-virus software installed on your system to enforce your whitelist.
NIST SP 800-171 & CMMC 2.0 3.4.8 Scenario(s):
- Scenario 1:
Your company has a software black list. It includes common non-essential programs that your employees like to use such as iTunes and Spotify. You use your enterprise anti-virus solution to apply your blacklist to your systems. Whenever a user attempts to run or install the blacklisted software they are prevented from doing so.
- Scenario 2:
Your company has a software whitelist. It includes your standard software configuration (Microsoft Office, Anti-Virus, Adobe Acrobat etc.) and other software that has an approved business need. You use your enterprise anti-virus solution to apply your whitelist to your systems. Software that is not on the whitelist is no blocked from running.
Discover Our NIST SP 800-171 & CMMC 2.0 Solutions:
Power through compliance. Meet and maintain your NIST SP 800-171 & CMMC 2.0 compliance requirements.
Transform your business. Create new revenue streams and provide scalability for your NIST SP 800-171 and CMMC 2.0 services.
Supply Chain Verifier
Trust is everything. Verify, monitor, and support subcontactor compliance.