NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-10(5) Restrict Inputs to Trusted Sources and Approved Formats

Restrict the use of information inputs to [Assignment: organization-defined trusted sources] and/or [Assignment: organization-defined formats].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

Restricting the use of inputs to trusted sources and in trusted formats applies the concept of authorized or permitted software to information inputs. Specifying known trusted sources for information inputs and acceptable formats for such inputs can reduce the probability of malicious activity. The information inputs are those defined by the organization in the base control ([SI-10](#si-10)).

Practitioner Notes

Restrict inputs to trusted sources and approved formats — know where your data is coming from and accept only data that matches expected patterns.

Example 1: Configure your API endpoints to accept input only from authenticated, authorized clients. Use API keys, OAuth tokens, and IP whitelisting to verify that requests come from known, trusted sources.

Example 2: Define strict JSON or XML schemas for your APIs and validate all incoming requests against the schema. Reject requests with unexpected fields, wrong data types, or values outside defined ranges. Document the accepted format in your API specification.
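A sketch of Examples 1 and 2 combined into one request gate, added here as an illustration and not taken from NIST or any particular product. The client IDs, keys, the `ORDER_SCHEMA` fields and their ranges are all constructed assumptions; it uses only the Python standard library.

```python
import hmac
import json

# Constructed allowlist of trusted clients (placeholder keys, not real credentials).
TRUSTED_API_KEYS = {"client-a": "EXAMPLE-KEY-A", "client-b": "EXAMPLE-KEY-B"}

# Hypothetical approved format: field -> (exact type, required?, range check).
ORDER_SCHEMA = {
    "order_id": (int, True, lambda v: 1 <= v <= 10**9),
    "sku": (str, True, lambda v: 1 <= len(v) <= 32 and v.isalnum()),
    "quantity": (int, True, lambda v: 1 <= v <= 100),
    "note": (str, False, lambda v: len(v) <= 200),
}


def is_trusted_source(client_id, api_key):
    """Accept only known clients; compare keys in constant time."""
    expected = TRUSTED_API_KEYS.get(client_id)
    if expected is None or not isinstance(api_key, str):
        return False
    return hmac.compare_digest(expected.encode(), api_key.encode())


def validate_format(raw_body, schema=ORDER_SCHEMA):
    """Return a list of violations; an empty list means the body is approved."""
    try:
        doc = json.loads(raw_body)
    except (ValueError, TypeError):
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["top-level value must be an object"]
    errors = [f"unexpected field: {k}" for k in sorted(doc) if k not in schema]
    for name, (ftype, required, in_range) in schema.items():
        if name not in doc:
            if required:
                errors.append(f"missing field: {name}")
        elif type(doc[name]) is not ftype:  # exact match: JSON true is not an int
            errors.append(f"wrong type for {name}")
        elif not in_range(doc[name]):
            errors.append(f"value out of range: {name}")
    return errors


def accept_request(client_id, api_key, raw_body):
    """Gate on source first, then on format; return (accepted, reasons)."""
    if not is_trusted_source(client_id, api_key):
        return False, ["untrusted source"]
    errors = validate_format(raw_body)
    return not errors, errors
```

The source check runs before any parsing, so bodies from unknown clients are never handed to the JSON parser.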