Application Whitelisting

Application whitelisting is the practice of ensuring only authorised software is downloaded and installed on devices used for business purposes.

Published: 29 Jul 2024

Application whitelisting is a practice to mitigate the risk of malicious software (malware). It involves restricting software installation on endpoint devices to approved programs.

Application whitelisting is one of the more contentious information security areas of the Consumer Data Right. Modern businesses want to avoid the operating burden of centralised device administration and of maintaining a complete list of appropriate software to use on endpoint devices.

Restricting the installation of software to approved programs can be achieved in broadly two ways: (1) a systematic approach, or (2) an employee empowerment and accountability approach. The first is what's most commonly thought of as application whitelisting, where employees are unable to install software unless it's on a pre-approved list or is installed for them by an authorised administrator. This can be set up systematically through mobile device management (MDM) software.

The CDR Perspective

The CDR requires application whitelisting as one of the 24 information security practices: download of executables and installation of software on infrastructure and end-user devices (including BYOD devices) is restricted to authorised software only.

About AssuranceLab

AssuranceLab is a modern cybersecurity audit firm that provides assurance reports (ASAE 3150, SOC 1/2). We're experts in the latest software and cloud providers. We guide your team through the compliance practices in a way that fits your environment and culture. We work closely with clients through our agile and collaborative approach, saving time, costs, and headaches along the way.

Category: CDR