ThreatLocker and NIST 800-53 r4 | Control CM-7 Least Functionality | Control Enhancement (5)
When correctly configured, ThreatLocker can help organizations achieve NIST 800-53 r4 compliance. We have made our best effort to outline the way the ThreatLocker endpoint security platform can support an organization's efforts to meet the following control:
Control CM-7 LEAST FUNCTIONALITY
(5) LEAST FUNCTIONALITY | AUTHORIZED SOFTWARE/WHITELISTING
a. Identifies [Assignment: organization-defined software programs authorized to execute on the information system];
ThreatLocker automatically learns all software installed and running in your environment (minus a few non-standard program locations such as the Documents and Downloads folders) when you deploy the agent. Once computers are switched into a secured state, no new applications, files, scripts, or drivers can execute until they are permitted, keeping you in control of your application list.
b. Employs a deny-all, permit-by-exception policy to allow the execution of authorized software programs on the information system; and
ThreatLocker uses a default deny philosophy. Any software not on the allowlist will be denied. Only software that you expressly permit will be able to run.
c. Reviews and updates the list of authorized software programs [Assignment: organization defined frequency]
By permitting a software, ThreatLocker adds it to your list of authorized software. A list of all applications and policies can be exported offline review. An organization’s policy list can be quickly reviewed online at any time to see when a policy was created and when it was last used. Admins can remove policies for unused or unwanted software, meaning that the software will no longer be able to run; if a user needs it again, they can request it.