Files imported or exported via gateways or CDSs are filtered for allowed file types.
Topic
Allowing specific content types
Applicable to
all
History
Priority
should
Mar 2022
Files imported or exported via gateways or CDSs are filtered for allowed file types.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
Dec 2019
A whitelist of permitted content types is created and enforced based on business requirements and the results of a risk assessment.
Security control 0649 was modified slightly to ensure consistency of terminology.
Nov 2019
A whitelist of permitted content types is created and enforced based on business requirements and the results of a security risk assessment.
Oct 2019
A whitelist of permitted content types is created and enforced based on business requirements and the results of a security risk assessment.
Security control 0650 was merged with security control 0649.
Sep 2019
A whitelist of permitted content types is created and enforced based on business requirements and the results of a security risk assessment.
2015
Agencies should identify, create and enforce a whitelist of permitted content types based onbusiness requirements and the results of a security risk assessment.
2010
Agencies should strictly define and limit the types of files that can be transferred, based on businessrequirements and the results of a security risk assessment.
2008
Agencies should strictly define and limit the types of files that can be transferred based on business requirements and the results of a risk assessment.