Application whitelisting allows only explicitly approved software to execute on a system, blocking everything else by default. This is the inverse of traditional antivirus, which blocks known bad software while allowing everything else. Whitelisting assumes nothing is trusted unless specifically approved.
CISA consistently recommends application whitelisting as one of the highest-impact mitigations against malware and ransomware. The operational challenge is maintaining the whitelist in dynamic environments where software changes frequently.
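The contrast between the two models, and the maintenance cost of the whitelist, can be shown in a short added example (not from the original page or from CISA). It assumes hash-based rules, and the sample names and byte strings are constructed stand-ins for executable files.

```python
import hashlib

def digest(content: bytes) -> str:
    """SHA-256 of a file's contents, used here as the rule identifier."""
    return hashlib.sha256(content).hexdigest()

# Constructed samples: byte strings stand in for executable file contents.
SAMPLES = {
    "editor_v1": b"editor build 1.0",
    "editor_v2": b"editor build 1.1",            # routine vendor update
    "known_malware": b"sample in signature feed",
    "novel_malware": b"sample never seen before",
}

def denylist_verdict(content: bytes, known_bad: set) -> str:
    """Antivirus model: default allow, block only what is known bad."""
    return "block" if digest(content) in known_bad else "allow"

def allowlist_verdict(content: bytes, approved: set) -> str:
    """Whitelisting model: default deny, run only what is approved."""
    return "allow" if digest(content) in approved else "block"

def compare(approved: set, known_bad: set) -> dict:
    """Return {sample name: (denylist verdict, allowlist verdict)}."""
    return {
        name: (denylist_verdict(c, known_bad), allowlist_verdict(c, approved))
        for name, c in SAMPLES.items()
    }

def approve_update(approved: set, old: bytes, new: bytes) -> set:
    """Maintenance step: approve the new build and retire the old one."""
    return (approved - {digest(old)}) | {digest(new)}

if __name__ == "__main__":
    approved = {digest(SAMPLES["editor_v1"])}
    known_bad = {digest(SAMPLES["known_malware"])}
    for name, verdicts in compare(approved, known_bad).items():
        print(f"{name:14} denylist={verdicts[0]:5} allowlist={verdicts[1]}")
    # After the update is reviewed and approved, editor_v2 runs and v1 no longer does.
    approved = approve_update(approved, SAMPLES["editor_v1"], SAMPLES["editor_v2"])
    print(compare(approved, known_bad)["editor_v2"])
```

The unseen sample passes the denylist but is blocked by the whitelist, while the legitimate update is also blocked until someone approves it, which is the maintenance burden described above.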
CISSP Relevance
Application whitelisting appears in Domain 7 (Security Operations) as an endpoint security control. CISSP candidates must understand how whitelisting reduces attack surface, the operational challenges of maintaining approved software lists, and how it fits into layered endpoint security architectures.
External reference: CISA Application Allowlisting Guidance
Related terms: Malware, Security Baseline