History
- Priority
- must
- Oct 2019
- Removed
- Security control 0650 was merged with security control 0649.
- Sep 2019
- A whitelist of permitted content types is created and enforced based on business requirements and the results of a security risk assessment.
- 2015
- Agencies must identify, create and enforce a whitelist of permitted content types based onbusiness requirements and the results of a security risk assessment.
- 2010
- Agencies must strictly define and limit the types of files that can be transferred, based on businessrequirements and the results of a security risk assessment.