# Allow Listing

[[Allow Listing]] is a [[Threat Mitigation]] capability.

Allow listing, also known as whitelisting, is a cybersecurity practice that explicitly permits specified systems, applications, or entities to access or perform certain operations within a network or system. It is a proactive approach to security that operates on the principle of "deny all, permit by exception". In some cases, it is a broad set of controls that provides additional protection for assets that require greater resilience in the environment they operate in.

Allow Listing is accomplished by creating a list of named assets or categories of assets that are approved to interact with another set of assets through a pre-determined process.

Allow Listing is commonly used to reduce attack surface, restricting an adversary's opportunity to gain a foothold.

## Map

``` mermaid <!-- element style="width:90%; height:auto" -->
graph TD
Top[[Cybersecurity]] --- C[[Threat Mitigation]]
C --- C.1[[Allow Listing]]
C --- C.2[[Challenge Management]]
C --- C.3[[Deny Listing]]
C --- C.4[[Deception Management]]
%% Class Definitions
%% =====================
class Top,A,A.1,A.2,A.3,A.4,A.5,A.6,B,B.1,B.2,B.3,B.4,B.5,C,C.1,C.2,C.3,C.4,D,D.1,D.2,D.3,D.4,D.5,E,E.1,E.2,E.3,E.4,E.5,E.6 internal-link,font-color:white;
class Top cssClassL0;
classDef cssClassL0 fill:black,stroke:black,stroke-width:4px,font-size:15px,font-color:white;
class A,B,C,D,E cssClassL1;
classDef cssClassL1 fill:darkblue,stroke:darkblue,stroke-width:4px,font-size:15px,font-color:white;
class A.1,A.2,A.3,A.4,A.5,A.6,B.1,B.2,B.3,B.4,B.5,C.1,C.2,C.3,C.4,D.1,D.2,D.3,D.4,D.5,E.1,E.2,E.3,E.4,E.5,E.6 cssClassL2;
classDef cssClassL2 fill:blue,stroke:blue,stroke-width:4px,font-size:15px,font-color:white;
class C.1 cssClassCurrent;
classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white;
```

## Definition

> [!success] Definition
> **Allow Listing** is used to mitigate threats by creating an approved list of allowed assets, interactions, and processes to reduce the possibility of adversary activity.

## Goals

> [!cm-goal] Goal 1
> **Reduce the Number of Incidents**

> [!cm-goal] Goal 2
> **Reduce the Severity of Incidents**

## Scope

The scope of Allow Listing covers all adversary-targeted assets and supporting assets that require threat mitigation to operate within tolerance.

## Process

## Metrics

> [!cm-metric] Metric: % of assets with curated allow lists

> [!cm-metric] Metric: [[% of Unauthorized Access Attempts]]

## Inspiration & Resources

+ [SP 800-167, Guide to Application Whitelisting | CSRC (nist.gov)](https://csrc.nist.gov/pubs/sp/800/167/final)

## [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.