Disclosure: ThreatLocker does not provide legal or compliance advice and is not a certifying authority for NIST 800-53 r4 compliance. The information provided represents ThreatLocker’s best-effort assessment of how its product capabilities may support NIST 800-53 r4 | Control CM-7 Least Functionality | Control Enhancement (5) requirements when properly configured.
Control CM-7 LEAST FUNCTIONALITY
Control Enhancement
(5) LEAST FUNCTIONALITY | AUTHORIZED SOFTWARE - ALLOW-BY-EXCEPTION
a. Identifies [Assignment: organization-defined software programs authorized to execute on the system];
When the agent is deployed, ThreatLocker automatically learns the software installed and running in your environment, excluding a few non-standard program locations such as the Documents and Downloads folders; anything living in those locations is not learned and must be reviewed and permitted explicitly. Once computers are switched into a secured state, no new applications, files, scripts, or drivers can execute until they are permitted, which keeps the list of authorized software under your control.
b. Employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the system; and
ThreatLocker enforces a default-deny policy: once a computer is in a secured state, any software that is not on the allowlist is blocked. Only software that you expressly permit is able to run.
c. Reviews and updates the list of authorized software programs [Assignment: organization-defined frequency]
Permitting an application adds it to your list of authorized software. The full list of applications and policies can be exported for offline review, and the policy list can be reviewed online at any time to see when each policy was created and when it was last used. Administrators can remove policies for unused or unwanted software, after which that software can no longer run; if a user needs it again, they can submit a request for it.
Reference:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf