2.5: Allowlist Authorized Software

CSF v1.1 References:

CSF v2.0 References:

Threats Addressed:


Previous Version:

Control Statement

Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess bi-annually, or more frequently.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]