When to use this
Use this standard to define the minimum security baseline for user endpoint devices before they access organizational information.
Related controls
Endpoint baseline
| Control area | Required standard | Evidence source |
|---|---|---|
| Inventory | Device registered before access | Endpoint inventory/MDM |
| Updates | Security updates applied within defined timeframe | Patch report |
| Malware/EDR | Enabled where applicable | EDR/AV console |
| Encryption | Enabled for portable devices | MDM/encryption report |
| Authentication | Strong user authentication | IAM/MDM |
| Screen lock | Auto-lock after risk-based timeout | Policy/configuration |
| Remote access | Approved secure connection method | VPN/ZTNA logs |
| Local storage | Defined by classification | Policy/user training |
| Loss/theft | Reported immediately through defined channel | Incident record |
- Template
- Iso27001
- Technological controls
- Endpoint security
Note Metadata
Aliases: Endpoint Security Standard
Source: 90 Templates/Endpoint Device Security Standard.md
Related Notes
- ISO 27001 A.6.7 - Remote Working
- ISO 27001 A.7.9 - Security of Assets Off-Premises
- A.8.1 Audit Evidence Pack
- ISO 27001 A.8.1 - User End Point Devices
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.1 Audit Checklist
- Endpoint Device Inventory and Compliance Register
- Templates MOC