Application Security , Cybersecurity , Technology

NIST Publishes Application Whitelisting Guide

Adding an Additional Layer of Security to the Enterprise
NIST Publishes Application Whitelisting Guide

The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.

See Also: Top Trends in Cybercrime; 411 Million Attacks Detected in Just 3 Months

Automated application whitelisting lets IT managers select trusted software programs to run on an enterprise's computer system that would minimize threats by preventing employees and other systems users from downloading programs containing malicious software and disruptive bugs.

"The environment would allow trusted executables to run," independent security researcher Roel Schouwenberg says. "That type of technology has really made a lot of headway. A lot of people still think that whitelisting is very restrictive but it's gotten a lot better over the last couple of years and really allows people to do their work and be productive while having this additional layer of safety."

Permitting Only Good Activity

NIST, in the new guidance that's also known as Special Publication 800-167, advises organizations to use modern whitelisting programs, also known as application control programs, to thwart cyberthreats.

"Unlike antivirus software, which blocks known bad activity and permits all other actions, application whitelisting technology only permits known good activity and blocks all others," NIST Senior Information Technology Policy Adviser Adam Sedgewick says.

Application whitelisting programs can be designed not to interfere with existing antivirus software and intrusion detection systems. Automated whitelisting programs simplify the task of screening and approving software patches and updates for use across an organization.

NIST says application whitelisting is especially appropriate for larger organizations with managed enterprise environments that enable strict centralized control over desktops and laptops connected to networks.

Phased Deployment

The guide's authors suggest a phased approached when deploying application whitelisting. They say organizations should:

  • First, conduct a risk assessment to determine if automated whitelisting is appropriate for their organizations;
  • Then, test a whitelisting process in monitoring mode to identify problems without disrupting operations; and
  • Implement gradually automated whitelisting across the organization when all problems are addressed and a monitoring retest shows operations run smoothly.

The NIST guide also furnishes a section on using applications whitelisting in mobile platforms.


About the Author

Eric Chabrow

Eric Chabrow

Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Chabrow hosts and produces the semi-weekly podcast ISMG Security Report and oversees ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network