White Listing

Whitelisting is a form of filtering where a list is created that registers entities that are granted access or are welcomed signatures. When a whitelist is used, the default is to "deny all" except for those entries that are enumerated in the filter. These are typically used when it is easier (or a shorter list) to identify what is desirable rather than what is not desirable.

Cloud Controls Matrix (CCM) Data

SA-15 | Security Architecture | Mobile Code

Control Specification

Mobile code shall be authorized before its installation and use, and the configuration shall ensure that the authorized mobile code operates according to a clearly defined security policy. All unauthorized mobile code shall be prevented from executing.

Architectural Relevance

Physical | Network | Compute | App | Data
False | True | True | False | True

Corp Gov Relevance

Corp Gov Relevance
False

Cloud Service Delivery Model Applicability

SaaS | PaaS | IaaS
True | True | True

Supplier Relationship

Service Provider | Tenant / Consumer
True | True

Scope Applicability

COBIT 4.1 | HIPAA / HITECH Act | ISO/IEC 27001-2005

A.10.4.2
A.12.2.2

NIST SP800-53 R3 | FedRAMP (Final 2012) Low Impact | FedRAMP (Final 2012) Moderate Impact | PCI DSS v2.0

SC-18

BITS Shared Assessments SIG v6.0 | BITS Shared Assessments SIG v5.0 | GAPP (Aug 2009)

G.20.12, I.2.5

Jericho Forum | NERC CIP

Commandment #1
Commandment #2
Commandment #3
Commandment #5
Commandment #11

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-15.1

Is mobile code authorized before its installation and use and the code configuration checked to ensure that the authorized mobile code operates according to a clearly defined security policy?

Compliance Mapping

COBIT | HIPAA | ISO27001 | SP800_53

A.10.4.2
A.12.2.2

NIST SP800-53 R3 SC-18

FedRAMP | PCI_DSS | BITS | GAPP

NIST SP800-53 R3 SC-18
NIST SP800-53 R3 SC-18 (4)

SIG v6.0:G.20.12, I.2.5

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-15.2

Is all unauthorized mobile code prevented from executing?

Compliance Mapping

COBIT | HIPAA | ISO27001 | SP800_53

A.10.4.2
A.12.2.2

NIST SP800-53 R3 SC-18

FedRAMP | PCI_DSS | BITS | GAPP

NIST SP800-53 R3 SC-18
NIST SP800-53 R3 SC-18 (4)

SIG v6.0:G.20.12, I.2.5

Model Applicability

SaaS | PaaS | IaaS
True | True | True

Scope Applicability

SP | CUST
True | True