SI-10(5): Restrict Inputs To Trusted Sources And Approved Formats


(Not part of any baseline)

Next Version:

Control Statement

The organization restricts the use of information inputs to [Assignment: organization-defined trusted sources] and/or [Assignment: organization-defined formats].

Supplemental Guidance

This control enhancement applies the concept of whitelisting to information inputs. Specifying known trusted sources for information inputs and acceptable formats for such inputs can reduce the probability of malicious activity.