whitelisting

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

NIST is striving to use more inclusive language. Although present in current NIST publications, this potentially biased term will no longer be used in NIST's new or revised cybersecurity and privacy publications. The deprecated term will be removed from this online glossary once it's no longer defined in a NIST publication.

Alternative language that NIST is using includes:

allowlisting

Definitions:

  An implementation of a default deny all or allow by exception policy across an enterprise environment, and a clear, concise, timely process for adding exceptions when required for mission accomplishments.
Sources:
CNSSI 4009-2015 from CNSSI 1011

  An approved list or register of entities that are provided a particular privilege, service, mobility, access or recognition.
Sources:
CNSSI 4009-2015

  A process used to identify software programs that are authorized to execute on a system or authorized Universal Resource Locators (URL)/websites.
Sources:
NIST SP 800-171 Rev. 2

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to secglossary@nist.gov.

See NISTIR 7298 Rev. 3 for additional details.