Whitelist/Blacklist Policy
Governance rule defining allowed (whitelist) and disallowed (blacklist) inputs, features, or operations to enforce compliance and prevent misuse.
Definition
A policy-as-code mechanism where authorized input values, API calls, model operations, or external endpoints are specified in a whitelist, and prohibited items (e.g., PII fields, disallowed functions) are enumerated in a blacklist. During runtime or pipeline execution, policy checks block any unapproved actions. Governance processes maintain and review these lists regularly to adapt to evolving risks and requirements.
Real-World Example
A data-ingestion pipeline applies a whitelist/blacklist policy: only CSV files from specified source systems (whitelist) are accepted, and any records containing Social Security numbers (blacklist pattern) are rejected and alerted to compliance. This prevents unauthorized or sensitive data from entering the AI pipeline.
.svg)
