https://artifacts.trustmarkinitiative.org/lib/tips/nist-sp-800-53-r4-security-control-cm-7-_5__-authorized-software-_-whitelisting/4/NIST SP 800-53 r4 Security Control CM-7 (5): Authorized Software / Whitelisting4Profile of requirements corresponding to NIST Special Publication 800-53, r4, Security Control CM-7 (5): Authorized Software / Whitelisting. Applicable to HIGH impact systems.2021-04-26T00:00:00.000ZfalseThis document and the information contained herein is provided on an "AS IS" basis, and the Georgia Tech Research Institute disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, the Georgia Tech Research Institute disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.https://trustmarkinitiative.org/TMIPRIMARYhelp@trustmarkinitiative.org555-555-5555https://trustmarkinitiative.org/800-53Authorized Software / WhitelistingConfiguration ManagementHighNISTSecurityhttps://artifacts.trustmarkinitiative.org/lib/tds/least-functionality-_-authorized-software-identified/1.0/1Least Functionality | Authorized Software Identified1.0Defines conformance and assessment criteria for verifying that an organization identifies software programs authorized to execute on the information system.https://artifacts.trustmarkinitiative.org/lib/tds/least-functionality-_-authorized-software-execution-whitelisting/1.0/2Least Functionality | Authorized Software Execution Whitelisting1.0Defines conformance and assessment criteria for verifying that an organization employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system.https://artifacts.trustmarkinitiative.org/lib/tds/least-functionality-_-authorized-software-review-and-update/1.0/3Least Functionality | Authorized Software Review and Update1.0Defines conformance and assessment criteria for verifying that an organization regularly reviews and updates the list of authorized software programs.SP800-53R4NIST Special Publication 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, National Institute of Standards and Technology, April 2013 (Includes updates as of 01-15-2014). Available at <a href="http://dx.doi.org/10.6028/NIST.SP.800-53r4">http://dx.doi.org/10.6028/NIST.SP.800-53r4</a>.