UnixTime

Research Note

A.8.1 Audit Checklist

- Review endpoint policy and device security standard. - Confirm endpoint inventory includes corporate and BYOD devices. - Sample endpoint compliance reports. - Check patch, mal...

On this page

When to use this

Use this checklist during an internal audit of user endpoint device protection.

Audit checklist

  • Review endpoint policy and device security standard.
  • Confirm endpoint inventory includes corporate and BYOD devices.
  • Sample endpoint compliance reports.
  • Check patch, malware/EDR, encryption, and screen lock evidence.
  • Review remote access controls.
  • Check session timeout settings.
  • Review local storage and cloud backup rules.
  • Check loss/theft response process.
  • Interview users on device responsibilities.

Findings table

Device/use case Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD