You are viewing this page in an unauthorized frame window.
This is a potential security issue, you are being redirected to https://csrc.nist.gov.
An official website of the United States government
Here’s how you know
Official websites use .gov A
.gov website belongs to an official government
organization in the United States.
Secure .gov websites use HTTPS A
lock (
) or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.
NIST is striving to use more inclusive language.
Although present in current NIST publications, this potentially biased term will no longer be used in NIST's new or revised cybersecurity and privacy publications.
The deprecated term will be removed from this online glossary once it's no longer defined in a NIST publication.
Alternative language that NIST is using includes:
allowlist
Definitions:
A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system.
Also known as “clean word list”. Sources: CNSSI 4009-2015 under white list
from
NIST SP 800-128
NIST is striving to use more inclusive language.
Although present in current NIST publications, this potentially biased term will no longer be used in NIST's new or revised cybersecurity and privacy publications.
The deprecated term will be removed from this online glossary once it's no longer defined in a NIST publication.
Alternative language that NIST is using includes:
allowlist
A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system. Sources: NIST SP 800-128 under Whitelist
from
NIST SP 800-94 - Adapted
NIST is striving to use more inclusive language.
Although present in current NIST publications, this potentially biased term will no longer be used in NIST's new or revised cybersecurity and privacy publications.
The deprecated term will be removed from this online glossary once it's no longer defined in a NIST publication.
Alternative language that NIST is using includes:
allowlist
A list of discrete entities, such as hosts, email addresses, network port numbers, runtime processes, or applications that are authorized to be present or active on a system according to a well-defined baseline. Sources: NIST SP 800-128
from
NIST SP 800-167 NIST SP 800-167
An approved list or register of entities that are provided a particular privilege, service, mobility, access or recognition. Sources: NISTIR 7621 Rev. 1 under Whitelist
from
CNSSI 4009-2015 - “whitelisting”
NIST is striving to use more inclusive language.
Although present in current NIST publications, this potentially biased term will no longer be used in NIST's new or revised cybersecurity and privacy publications.
The deprecated term will be removed from this online glossary once it's no longer defined in a NIST publication.
Alternative language that NIST is using includes:
allowlist
Glossary Comments
Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.
Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.
