Abstract:This document was written with contributions from Subject Matter Experts at the Department of Homeland Security (DHS) and the National Security Agency (NSA). This document serves as an appendix to "Seven Strategies to Defend Industrial Control Systems". Application Whitelisting (AWL) can detect and prevent attempted exectution of malware uploaded by adversaries. The static nature of some industrial control systems (ICS) computers, such as database servers and human-machine interfaces, makes these ideal candidates to run AWL. In some situations deploying AWL on ICS computers is simple, but it can be challenging in others. Operators are thus encouraged to work with vendors to baseline and calibrate AWL deployments.