NEWS

The NCSC now uses ‘allow list’ and ‘deny list’ in place of ‘whitelist’ and ‘blacklist’. Emma W explains why…

A few months ago, an NCSC customer contacted me to ask if we would consider making a small but significant change to some of the wording we use on the NCSC website. When she asked the question, I immediately smacked myself in the head for not thinking of it a long time ago. And I was really glad to say: yes, we will make this change straight away, and I’m sorry you had to come and ask us to do it.

It’s fairly common to say whitelisting and blacklisting to describe desirable and undesirable things in cyber security. For instance, when talking about which applications you will allow or deny on your corporate network; or deciding which bad passwords you want your users not to be able to use …