AT&T Cybersecurity – Inventory of Authorized and Unauthorized Software
3.4 3.4.8
https://cybersecurity.att.com/blogs/security-essentials/free-and-commercial-tools-to-implement-the-sans-top-20-security-controls-part-2
This list provides a list of free and commercial tools that can help with software inventory management (e.g., blacklisting, whitelisting, unauthorized software identification).
Department of Homeland Security – Application Whitelisting (AWL): Strategic Planning Guide
3.4 3.4.8 Configuration Management
https://www.cisa.gov/sites/default/files/cdm_files/FNR_NIS_OTH_AWL_Strategic_Planning_Guide.pdf
This document highlights and summarizes the types of choices, and the related decisions, that need to be made prior to starting the planning process.
NIST SP 800-53: CM-7 Least Functionality
3.4 3.4.7 3.4.8
https://nvd.nist.gov/800-53/Rev4/control/CM-7
NIST resource that defines requirements for configuring information systems to provide only essential capabilities such as restricting / blacklisting software.
