UnixTime

Research Note

Endpoint Device Security Standard

Use this standard to define the minimum security baseline for user endpoint devices before they access organizational information.

On this page

When to use this

Use this standard to define the minimum security baseline for user endpoint devices before they access organizational information.

Endpoint baseline

Control area Required standard Evidence source
Inventory Device registered before access Endpoint inventory/MDM
Updates Security updates applied within defined timeframe Patch report
Malware/EDR Enabled where applicable EDR/AV console
Encryption Enabled for portable devices MDM/encryption report
Authentication Strong user authentication IAM/MDM
Screen lock Auto-lock after risk-based timeout Policy/configuration
Remote access Approved secure connection method VPN/ZTNA logs
Local storage Defined by classification Policy/user training
Loss/theft Reported immediately through defined channel Incident record