Use technical controls, such as application allowlisting, to ensure that only authorized software can execute or be accessed. Reassess�bi-annually, or more frequently.