NIST Publishes Application Whitelisting Guide
Adding an Additional Layer of Security to the Enterprise
The National Institute of Standards and Technology has issued a Guide to Application Whitelisting that provides step-by-step instructions on deploying automated application whitelisting to help prevent malware from accessing IT systems.
Automated application whitelisting lets IT managers select the trusted software programs allowed to run on an enterprise's computer systems, minimizing threats by preventing employees and other system users from downloading programs containing malicious software and disruptive bugs.
"The environment would allow trusted executables to run," independent security researcher Roel Schouwenberg says. "That type of technology has really made a lot of headway. A lot of people still think that whitelisting is very restrictive but it's gotten a lot better over the last couple of years and really allows people to do their work and be productive while having this additional layer of safety."
Permitting Only Good Activity
NIST, in the new guidance that's also known as Special Publication 800-167, advises organizations to use modern whitelisting programs, also known as application control programs, to thwart cyberthreats.
"Unlike antivirus software, which blocks known bad activity and permits all other actions, application whitelisting technology only permits known good activity and blocks all others," NIST Senior Information Technology Policy Adviser Adam Sedgewick says.
Application whitelisting programs can be designed not to interfere with existing antivirus software and intrusion detection systems. Automated whitelisting programs simplify the task of screening and approving software patches and updates for use across an organization.
NIST says application whitelisting is especially appropriate for larger organizations with managed enterprise environments that enable strict centralized control over desktops and laptops connected to networks.
Phased Deployment
The guide's authors suggest a phased approach when deploying application whitelisting. They say organizations should:
- First, conduct a risk assessment to determine if automated whitelisting is appropriate for their organizations;
- Then, test a whitelisting process in monitoring mode to identify problems without disrupting operations; and
- Gradually implement automated whitelisting across the organization when all problems are addressed and a monitoring retest shows operations run smoothly.
The NIST guide also includes a section on using application whitelisting on mobile platforms.