Navigate

SI-10(5)

SI-10(5): Restrict Inputs to Trusted Sources and Approved Formats

Restrict the use of information inputs to [trusted sources to which the use of information inputs is to be restricted are defined;] and/or [formats to which the use of information inputs is to be restricted are defined;].

Supplemental

Restricting the use of inputs to trusted sources and in trusted formats applies the concept of authorized or permitted software to information inputs. Specifying known trusted sources for information inputs and acceptable formats for such inputs can reduce the probability of malicious activity. The information inputs are those defined by the organization in the base control ( [SI-10](#si-10)).

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
DAF Baseline

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-10(5).

Control	Description
AC-3	Enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
AC-6	Employ the principle of least privilege, allowing only authorized accesses for users (or processes acting on behalf of users) that are necessary to accomplish assigned organizational tasks.

Enhancements

The controls below (if any) add on to the requirements of SI-10(5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-10(5).

CCI	Definition
CCI-002756	Defines the trusted sources to which the usage of information inputs will be restricted (e.g., whitelisting).
CCI-002757	Defines the acceptable formats to which information inputs are restricted.
CCI-002758	Restrict the use of information inputs to organization-defined trusted sources and/or organization-defined formats.