Originally published at: https://grcacademy.io/cmmc/controls/cm-l2-3-4-8/
Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.