2.7
IG3

Allowlist Authorized Scripts

Asset Type: Applications
Security Function: Protect

Description

Use technical controls, such as digital signatures and version control, to ensure that only authorized scripts, such as specific .ps1, .py, etc., files, are allowed to execute. Block unauthorized scripts from executing. Reassess bi-annually, or more frequently.

Implementation Checklist

1. Assess current protection controls in place
2. Configure and deploy required security controls
3. Test control effectiveness in non-production environment
4. Deploy to production and verify functionality
5. Document configuration and operational procedures

Threats & Vulnerabilities (CIS RAM)

Threat Scenarios

Malicious PowerShell or Python Script Execution

Confidentiality

Attackers execute obfuscated PowerShell, Python, or other scripts to download additional payloads, dump credentials, or establish reverse shells without restriction.

Fileless Malware via Script Engines

Integrity

Threat actors leverage unrestricted script execution to run fileless malware entirely in memory through scripting engines, evading traditional file-based detection.

Insider Threat via Unauthorized Automation Scripts

Confidentiality

Malicious insiders create scripts to automate data collection and exfiltration, bulk-modify system configurations, or escalate privileges without detection.

Vulnerabilities (When Safeguard Absent)

Unrestricted Script Execution on Endpoints

Without script allowlisting or code signing requirements, any script file can execute on enterprise assets, making script engines a primary attack vector.

No Version Control or Signing for Scripts

The absence of digital signature verification for scripts means modified or malicious scripts cannot be distinguished from legitimate automation.
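
An added example, not part of the original page or of CIS material: a Python audit that compares scripts on disk against an allowlist of SHA-256 digests, so a script modified after approval, or never approved at all, can be told apart from legitimate automation. It uses a pinned hash manifest as a simpler stand-in for digital signature verification, and it only reports rather than blocks. The manifest layout, the extension set and the sample file names are assumptions constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: script types in scope for the allowlist (the page names .ps1 and .py).
SCRIPT_EXTENSIONS = {".ps1", ".py", ".sh"}


def sha256_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file's exact bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_scripts(root: Path, allowlist: dict) -> dict:
    """Classify each script under root against the allowlist.

    allowlist maps a path relative to root (POSIX style) to the SHA-256
    digest recorded when that version of the script was approved.
    """
    report = {"authorized": [], "modified": [], "unlisted": [], "missing": []}
    seen = set()
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in SCRIPT_EXTENSIONS:
            continue
        rel = path.relative_to(root).as_posix()
        seen.add(rel)
        expected = allowlist.get(rel)
        if expected is None:
            report["unlisted"].append(rel)      # never approved
        elif sha256_file(path) == expected.lower():
            report["authorized"].append(rel)    # matches the approved version
        else:
            report["modified"].append(rel)      # changed after approval
    # Stale entries: approved scripts no longer deployed (clean up at reassessment).
    report["missing"] = sorted(set(allowlist) - seen)
    return report


def build_demo() -> dict:
    """Constructed sample tree: approved, tampered, unlisted and stale entries."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "jobs").mkdir()
        (root / "jobs/backup.ps1").write_text("Write-Output 'backup'\n")
        (root / "jobs/rotate.py").write_text("print('rotate')\n")
        approved = ("jobs/backup.ps1", "jobs/rotate.py")
        allowlist = {rel: sha256_file(root / rel) for rel in approved}
        allowlist["jobs/retired.sh"] = "0" * 64  # listed, but absent on disk
        (root / "jobs/rotate.py").write_text("print('rotate')\nimport os\n")
        (root / "adhoc.py").write_text("print('never reviewed')\n")
        return audit_scripts(root, allowlist)
```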

Evidence Requirements

Type | Evidence Item | Collection Frequency
Technical | Configuration screenshots or exports showing protection controls enabled | Captured quarterly
Document | Procedure documentation for protection measures | Reviewed annually
Document | Governing policy document (current, approved, communicated) | Reviewed annually