Navigate

SI-10(5)

SI-10(5): Restrict Inputs to Trusted Sources and Approved Formats

The organization restricts the use of information inputs to [organization-defined trusted sources] and/or [organization-defined formats].

Supplemental

This control enhancement applies the concept of whitelisting to information inputs. Specifying known trusted sources for information inputs and acceptable formats for such inputs can reduce the probability of malicious activity.

CIA Levels
Confidentiality	unknown
Integrity	high
Availability	unknown

Overlays
None

CSF Categories
None

Related Controls

The controls below (if any) were marked by NIST as being related to SI-10(5).

Control	Description
No controls

Enhancements

The controls below (if any) add on to the requirements of SI-10(5).

Control	Description
No controls

Related CCIs

The CCIs below are tied to SI-10(5).

CCI	Definition
CCI-002756	Defines the trusted sources to which the usage of information inputs will be restricted (e.g., whitelisting).
CCI-002757	Defines the acceptable formats to which information inputs are restricted.
CCI-002758	Restrict the use of information inputs to organization-defined trusted sources and/or organization-defined formats.