NIST 800-171 R-3.4.8
Apply Allow/Deny Software Policy
Official citation: 3.4.8
Class: core · Severity: high
Statement of the obligation — verify against source
3.4.8
What it means
Control which software may run using either deny-listing (block known-unauthorized software) or allow-listing (permit only explicitly authorized software). Allow-listing is the stronger approach; pair it with integrity verification — cryptographic checksums, digital signatures, or hashes — checked before execution or at system startup, so that an authorized program whose contents have been modified is no longer treated as authorized.
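An added illustration (not part of the NIST text) of the two approaches in Python: an allow-list keyed by absolute path whose entries carry a SHA-256 recorded at approval time, beside a name-only deny-list. The file names, file contents, the allow-list entries and the function names are all constructed for this example.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def allowlist_decision(path, allowlist):
    """Allow-listing with integrity verification (the stronger 3.4.8 option).
    allowlist maps absolute path -> expected SHA-256. A program may run only if
    its path is listed AND its current hash matches the hash recorded at approval."""
    expected = allowlist.get(os.path.abspath(path))
    if expected is None:
        return (False, "not on allowlist")
    if sha256_of(path) != expected:
        return (False, "integrity check failed")
    return (True, "allowed")

def denylist_decision(path, denied_names):
    """Deny-listing by file name only (the weaker option): anything whose
    basename is not listed is permitted, including a renamed copy."""
    if os.path.basename(path) in denied_names:
        return (False, "on denylist")
    return (True, "not on denylist")

def demo():
    """Create constructed sample binaries in a temp dir and run both policies."""
    d = tempfile.mkdtemp()
    tool = os.path.join(d, "tool.bin")
    with open(tool, "wb") as f:
        f.write(b"authorised build v1")                    # constructed content
    allowlist = {os.path.abspath(tool): sha256_of(tool)}  # hash recorded at approval
    out = {"approved": allowlist_decision(tool, allowlist)}
    with open(tool, "ab") as f:                           # same path, altered content
        f.write(b"\x00patched")
    out["tampered"] = allowlist_decision(tool, allowlist)
    other = os.path.join(d, "other.bin")
    with open(other, "wb") as f:
        f.write(b"unreviewed program")                     # never approved
    out["unlisted"] = allowlist_decision(other, allowlist)
    denied = {"unwanted.exe"}                              # constructed deny-list
    out["denied_by_name"] = denylist_decision(os.path.join(d, "unwanted.exe"), denied)
    out["renamed_copy"] = denylist_decision(os.path.join(d, "renamed.exe"), denied)
    return out
```

Calling demo() shows the allow-list denying both the unlisted program and the allow-listed path once its contents change, while the name-only deny-list passes the renamed copy.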
Educational reference only — not legal advice. Consult a qualified assessor or attorney for binding compliance determinations.