WDAC (Windows Defender Application Control) is a Microsoft technology that determines which applications and drivers may execute on Windows systems. Policies are created centrally and distributed via Group Policy or Intune. In an ISMS, WDAC is a technical control for application whitelisting per ISO 27001 Annex A.8.19. It prevents execution of unknown or unauthorized software, significantly reducing the attack surface. Deployment requires careful planning, as overly restrictive rules can disrupt operations.