diff --git a/samples/oss-service-instance-invalid.yaml b/samples/oss-service-instance-invalid.yaml
index 2834be4..1cee399 100644
--- a/samples/oss-service-instance-invalid.yaml
+++ b/samples/oss-service-instance-invalid.yaml
@@ -26,7 +26,6 @@
       properties:
         name: hippie-oss
         must-exist: true
-        whitelist: ""
 
     oss_si:
       type: tosca.nodes.HippieOSSServiceInstance
diff --git a/samples/oss-service-instance-valid.yaml b/samples/oss-service-instance-valid.yaml
index 3ca4236..11881d0 100644
--- a/samples/oss-service-instance-valid.yaml
+++ b/samples/oss-service-instance-valid.yaml
@@ -18,6 +18,7 @@
 imports:
   - custom_types/hippieossservice.yaml
   - custom_types/hippieossserviceinstance.yaml
+  - custom_types/hippieosswhitelistentry.yaml
 description: Emulate the call for an VALID ONU
 topology_template:
   node_templates:
@@ -26,7 +27,6 @@
       properties:
         name: hippie-oss
         must-exist: true
-        whitelist: BRCM1234 # NOTE: this ONU must exist in the system (check in olt-service examples to create it)
 
     oss_si:
       type: tosca.nodes.HippieOSSServiceInstance
@@ -35,3 +35,11 @@
         of_dpid: "of:1234"
         serial_number: BRCM1234
 
+    oss_whitelist_BRCM1234:
+      type: tosca.nodes.HippieOSSWhiteListEntry
+      properties:
+        serial_number: BRCM1234 # NOTE: this ONU must exist in the system (check in olt-service examples to create it)
+      requirements:
+        - owner:
+            node: service#oss
+            relationship: tosca.relationships.BelongsToOne
diff --git a/xos/synchronizer/model_policies/model_policy_hippieossservice.py b/xos/synchronizer/model_policies/model_policy_hippieossservice.py
index 3559d88..48fad25 100644
--- a/xos/synchronizer/model_policies/model_policy_hippieossservice.py
+++ b/xos/synchronizer/model_policies/model_policy_hippieossservice.py
@@ -25,7 +25,10 @@
 
         sis = HippieOSSServiceInstance.objects.all()
 
-        whitelist = [x.strip() for x in service.whitelist.split(',')]
+        # TODO(smbaker): This is redudant with HippieOSSWhiteListEntry model policy, though etaining this does provide
+        # a handy way to trigger a full reexamination of the whitelist.
+
+        whitelist = [x.serial_number for x in service.whitelist_entries.all()]
 
         for si in sis:
             if si.serial_number in whitelist and not si.valid == "valid":
diff --git a/xos/synchronizer/model_policies/model_policy_hippieosswhitelistentry.py b/xos/synchronizer/model_policies/model_policy_hippieosswhitelistentry.py
new file mode 100644
index 0000000..5b2d29a
--- /dev/null
+++ b/xos/synchronizer/model_policies/model_policy_hippieosswhitelistentry.py
@@ -0,0 +1,59 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+from synchronizers.new_base.modelaccessor import HippieOSSServiceInstance, HippieOSSWhiteListEntry, model_accessor
+from synchronizers.new_base.policy import Policy
+
+class OSSWhiteListEntryPolicy(Policy):
+    model_name = "HippieOSSWhiteListEntry"
+
+    def handle_create(self, whitelist):
+        self.handle_update(whitelist)
+
+    def handle_update(self, whitelist):
+        self.logger.debug("MODEL_POLICY: handle_update for HippieOSSWhiteListEntry", whitelist=whitelist)
+
+        sis = HippieOSSServiceInstance.objects.filter(serial_number = whitelist.serial_number,
+                                                   owner_id = whitelist.owner.id)
+
+        for si in sis:
+            if si.valid != "valid":
+                self.logger.debug("MODEL_POLICY: activating HippieOSSServiceInstance because of change in the whitelist", si=si)
+                si.valid = "valid"
+                si.save(update_fields=["valid", "no_sync", "updated"], always_update_timestamp=True)
+
+        whitelist.backend_need_delete_policy=True
+        whitelist.save(update_fields=["backend_need_delete_policy"])
+
+    def handle_delete(self, whitelist):
+        self.logger.debug("MODEL_POLICY: handle_delete for HippieOSSWhiteListEntry", whitelist=whitelist)
+
+        # BUG: Sometimes the delete policy is not called, because the reaper deletes
+
+        assert(whitelist.owner)
+
+        sis = HippieOSSServiceInstance.objects.filter(serial_number = whitelist.serial_number,
+                                                   owner_id = whitelist.owner.id)
+
+        for si in sis:
+            if si.valid != "invalid":
+                self.logger.debug(
+                    "MODEL_POLICY: disabling HippieOSSServiceInstance because of change in the whitelist", si=si)
+                si.valid = "invalid"
+                si.save(update_fields=["valid", "no_sync", "updated"], always_update_timestamp=True)
+
+        whitelist.backend_need_reap=True
+        whitelist.save(update_fields=["backend_need_reap"])
diff --git a/xos/synchronizer/model_policies/test_model_policy_hippieossservice.py b/xos/synchronizer/model_policies/test_model_policy_hippieossservice.py
index 7c5a598..838cc6c 100644
--- a/xos/synchronizer/model_policies/test_model_policy_hippieossservice.py
+++ b/xos/synchronizer/model_policies/test_model_policy_hippieossservice.py
@@ -34,7 +34,6 @@
 
 class TestModelPolicyHippieOssService(unittest.TestCase):
     def setUp(self):
-
         self.sys_path_save = sys.path
         sys.path.append(xos_dir)
         sys.path.append(os.path.join(xos_dir, 'synchronizers', 'new_base'))
@@ -55,6 +54,7 @@
         from model_policy_hippieossservice import OSSServicePolicy, model_accessor
 
         from mock_modelaccessor import MockObjectList
+        self.MockObjectList = MockObjectList
 
         # import all class names to globals
         for (k, v) in model_accessor.all_model_classes.items():
@@ -67,7 +67,8 @@
         self.policy = OSSServicePolicy()
 
         self.service = HippieOSSService(
-            whitelist="BRCM111, BRCM222"
+            id = 5367,
+            whitelist_entries = [],
         )
 
         # needs to be enabled
@@ -109,6 +110,10 @@
             patch.object(self.si4, "save") as si4_save:
             oss_si.return_value = [self.si1, self.si2, self.si3, self.si4]
 
+            wle1 = HippieOSSWhiteListEntry(owner_id=self.service.id, serial_number="BRCM111")
+            wle2 = HippieOSSWhiteListEntry(owner_id=self.service.id, serial_number="BRCM222")
+            self.service.whitelist_entries = self.MockObjectList([wle1, wle2])
+
             self.policy.handle_update(self.service)
 
             self.si1.save.assert_called_with(always_update_timestamp=True, update_fields=['valid', 'no_sync', 'updated'])
diff --git a/xos/synchronizer/model_policies/test_model_policy_hippieosswhitelistentry.py b/xos/synchronizer/model_policies/test_model_policy_hippieosswhitelistentry.py
new file mode 100644
index 0000000..f96c759
--- /dev/null
+++ b/xos/synchronizer/model_policies/test_model_policy_hippieosswhitelistentry.py
@@ -0,0 +1,106 @@
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+import unittest
+from mock import patch, call, Mock, PropertyMock
+
+import os, sys
+
+test_path=os.path.abspath(os.path.dirname(os.path.realpath(__file__)))
+service_dir=os.path.join(test_path, "../../../..")
+xos_dir=os.path.join(test_path, "../../..")
+if not os.path.exists(os.path.join(test_path, "new_base")):
+    xos_dir=os.path.join(test_path, "../../../../../../orchestration/xos/xos")
+    services_dir=os.path.join(xos_dir, "../../xos_services")
+
+def get_models_fn(service_name, xproto_name):
+    name = os.path.join(service_name, "xos", "synchronizer", "models", xproto_name)
+    if os.path.exists(os.path.join(services_dir, name)):
+        return name
+    raise Exception("Unable to find service=%s xproto=%s" % (service_name, xproto_name))
+
+class TestModelPolicyHippieOssWhiteListEntry(unittest.TestCase):
+    def setUp(self):
+        self.sys_path_save = sys.path
+        sys.path.append(xos_dir)
+        sys.path.append(os.path.join(xos_dir, 'synchronizers', 'new_base'))
+
+        config = os.path.join(test_path, "../test_config.yaml")
+        from xosconfig import Config
+        Config.clear()
+        Config.init(config, 'synchronizer-config-schema.yaml')
+
+        from synchronizers.new_base.mock_modelaccessor_build import build_mock_modelaccessor
+        build_mock_modelaccessor(xos_dir, services_dir, [
+            get_models_fn("hippie-oss", "hippie-oss.xproto"),
+            get_models_fn("olt-service", "volt.xproto"),
+            get_models_fn("../profiles/rcord", "rcord.xproto")
+        ])
+
+        import synchronizers.new_base.modelaccessor
+        from model_policy_hippieosswhitelistentry import OSSWhiteListEntryPolicy, model_accessor
+
+        from mock_modelaccessor import MockObjectList
+        self.MockObjectList = MockObjectList
+
+        # import all class names to globals
+        for (k, v) in model_accessor.all_model_classes.items():
+            globals()[k] = v
+
+        # Some of the functions we call have side-effects. For example, creating a VSGServiceInstance may lead to creation of
+        # tags. Ideally, this wouldn't happen, but it does. So make sure we reset the world.
+        model_accessor.reset_all_object_stores()
+
+        self.policy = OSSWhiteListEntryPolicy()
+
+        self.service = HippieOSSService()
+
+
+    def tearDown(self):
+        sys.path = self.sys_path_save
+        self.service = None
+
+    def test_whitelist_update(self):
+        """
+        When a whitelist entry is added, see that the HippieOSSServiceInstance was set to valid
+        """
+        with patch.object(HippieOSSServiceInstance.objects, "get_items") as oss_si_items:
+            si = HippieOSSServiceInstance(serial_number="BRCM333", owner_id=self.service.id, valid="invalid")
+            oss_si_items.return_value = [si]
+
+            wle = HippieOSSWhiteListEntry(serial_number="BRCM333", owner_id=self.service.id, owner=self.service)
+
+            self.policy.handle_update(wle)
+
+            self.assertEqual(si.valid, "valid")
+
+    def test_whitelist_delete(self):
+        """
+        When a whitelist entry is deleted, see that the HippieOSSServiceInstance was set to invalid
+        """
+        with patch.object(HippieOSSServiceInstance.objects, "get_items") as oss_si_items:
+            si = HippieOSSServiceInstance(serial_number="BRCM333", owner_id=self.service.id, valid="valid")
+            oss_si_items.return_value = [si]
+
+            wle = HippieOSSWhiteListEntry(serial_number="BRCM333", owner_id=self.service.id, owner=self.service)
+
+            self.policy.handle_delete(wle)
+
+            self.assertEqual(si.valid, "invalid")
+
+if __name__ == '__main__':
+    unittest.main()
+
diff --git a/xos/synchronizer/models/hippie-oss.xproto b/xos/synchronizer/models/hippie-oss.xproto
index 605ce42..5149c0c 100644
--- a/xos/synchronizer/models/hippie-oss.xproto
+++ b/xos/synchronizer/models/hippie-oss.xproto
@@ -5,8 +5,7 @@
     option verbose_name = "HippieOSS Service";
     option kind = "OSS";
 
-    optional string whitelist = 1 [help_text = "A comma separated list of ONUs that are deemed to be valid ONUs", null = True, db_index = False, blank = False];
-    required bool create_on_discovery = 2 [help_text = "Wether to create the subscriber when an ONU is discovered", null = False, db_index = False, blank = False, default = True];
+    required bool create_on_discovery = 2 [help_text = "Whether to create the subscriber when an ONU is discovered", null = False, db_index = False, blank = False, default = True];
 }
 
 message HippieOSSServiceInstance (ServiceInstance){
@@ -18,4 +17,12 @@
     required string authentication_state = 3 [default = "AWAITING", choices = "(('AWAITING', 'Awaiting'), ('STARTED', 'Started'), ('REQUESTED', 'Requested'), ('APPROVED', 'Approved'), ('DENIED', 'Denied'), )", max_length = 50, null = False, db_index = False, blank = False];
     required string of_dpid = 4 [max_length = 254, null = False, db_index = False, blank = False];
     optional int32 c_tag = 5 [null = True, db_index = False, blank = False, unique = True, feedback_state = True];
-}
\ No newline at end of file
+}
+
+message HippieOSSWhiteListEntry (XOSBase) {
+    option verbose_name = "Whitelist";
+    option plural = "hippieosswhitelistentries";
+
+    required manytoone owner->HippieOSSService:whitelist_entries = 1 [db_index = True, null = False, blank = False, tosca_key=True];
+    required string serial_number = 2 [max_length = 254, null = False, db_index = False, blank = False, tosca_key=True, unique_with = "owner"];
+}
diff --git a/xos/synchronizer/steps/sync_hippie_oss_service_instance.py b/xos/synchronizer/steps/sync_hippie_oss_service_instance.py
index 9ca7678..fef1722 100644
--- a/xos/synchronizer/steps/sync_hippie_oss_service_instance.py
+++ b/xos/synchronizer/steps/sync_hippie_oss_service_instance.py
@@ -14,7 +14,7 @@
 
 import json
 from synchronizers.new_base.syncstep import SyncStep, model_accessor
-from synchronizers.new_base.modelaccessor import HippieOSSServiceInstance
+from synchronizers.new_base.modelaccessor import HippieOSSServiceInstance, HippieOSSWhiteListEntry
 
 from xosconfig import Config
 from multistructlog import create_logger
@@ -27,14 +27,14 @@
 
     def validate_in_external_oss(self, si):
         # This is where you may want to call your OSS Database to verify if this ONU can be activated
-
-        # for demonstration the HippieOSSService has a whitelist and if the serial_number
-        # you provided is not in that blacklist, it won't be validated
         oss_service = si.owner.leaf_model
 
-        if si.serial_number not in [x.strip() for x in oss_service.whitelist.split(',')]:
-            return False
-        return True
+        # See if there is a matching entry in the whitelist.
+
+        matching_entries = HippieOSSWhiteListEntry.objects.filter(owner_id=oss_service.id,
+                                                                  serial_number=si.serial_number)
+
+        return len(matching_entries)>0
 
     def get_suscriber_c_tag(self, serial_number):
         # If it's up to your OSS to generate c_tags, fetch them here
diff --git a/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py b/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py
index 51bc04e..dca961f 100644
--- a/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py
+++ b/xos/synchronizer/steps/test_sync_hippie_oss_service_instance.py
@@ -78,7 +78,7 @@
 
         self.oss = Mock()
         self.oss.name = "oss"
-        self.oss.whitelist = "BRCM5678, BRCM1234"
+        self.oss.id = 5367
 
         # create a mock HippieOssServiceInstance instance
         self.o = Mock()
@@ -92,16 +92,18 @@
         sys.path = self.sys_path_save
 
     def test_sync_valid(self):
+        with patch.object(HippieOSSWhiteListEntry.objects, "get_items") as whitelist_items:
+            # Create a whitelist entry for self.o's serial number
+            whitelist_entry = HippieOSSWhiteListEntry(owner_id=self.oss.id, serial_number=self.o.serial_number)
+            whitelist_items.return_value = [whitelist_entry]
 
-        self.sync_step().sync_record(self.o)
+            self.sync_step().sync_record(self.o)
 
-        self.assertEqual(self.o.valid, "valid")
-        self.assertTrue(self.o.no_sync)
-        self.o.save.assert_called()
+            self.assertEqual(self.o.valid, "valid")
+            self.assertTrue(self.o.no_sync)
+            self.o.save.assert_called()
 
     def test_sync_rejected(self):
-        self.oss.whitelist = ""
-
         self.sync_step().sync_record(self.o)
 
         self.assertEqual(self.o.valid, "invalid")