SI-10(5): Restrict Inputs To Trusted Sources And Approved Formats

Control Family:

System And Information Integrity

Parent Control:

SI-10: Information Input Validation

Priority:

P1: Implement P1 security controls first.

Threats Addressed:

Tampering
Information Disclosure
Denial of Service
Elevation of Privilege

Baselines:

(Not part of any baseline)

Next Version:

NIST Special Publication 800-53 Revision 5:
SI-10(5): Restrict Inputs to Trusted Sources and Approved Formats

Control Statement

The organization restricts the use of information inputs to [Assignment: organization-defined trusted sources] and/or [Assignment: organization-defined formats].

Supplemental Guidance

This control enhancement applies the concept of whitelisting to information inputs. Specifying known trusted sources for information inputs and acceptable formats for such inputs can reduce the probability of malicious activity.