[washadjeffmad]

Kind of funny, but the last guy who looked at me like I was an idiot for asking for a detailed list of what actions should be performed to "whitelist" something had never had to implement one himself.

Each agency, bureau, department, school, and institution would not just have to have IT people to implement the whitelists (eg- in mdm or by policy, which they may not already use), but get people to serve on committees to approve, build, and maintain the whitelists, create the processes to field and test all whitelisting requests, create a process exception request process, and coordinate with whatever external governing or regulatory bodies' lists to ensure compliance.

It wouldn't take long before the employees would just start using their personal devices and hotspots for everything to avoid the hassle, which would be so much worse.