NIST is striving to use more inclusive language. Although present in current NIST publications, this potentially biased term will no longer be used in NIST's new or revised cybersecurity and privacy publications. The deprecated term will be removed from this online glossary once it's no longer defined in a NIST publication.
Alternative language that NIST is using includes:
allowlisting
An implementation of a default deny all or allow by exception policy across an enterprise environment, and a clear, concise, timely process for adding exceptions when required for mission accomplishments.
Source(s):
CNSSI 4009-2015
from
CNSSI 1011
An approved list or register of entities that are provided a particular privilege, service, mobility, access or recognition.
Source(s):
CNSSI 4009-2015
A process used to identify software programs that are authorized to execute on a system or authorized Universal Resource Locators (URL)/websites.
Source(s):
NIST SP 800-171 Rev. 2