Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for all endpoints. Review and update the policies and procedures at least annually.
Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data.
Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications.
Maintain an inventory of all endpoints used to store and access company data.
Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data.
Configure all relevant interactive-use endpoints to require an automatic lock screen.
Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes.
Protect information from unauthorized disclosure on managed endpoint devices with storage encryption.
Configure managed endpoints with anti-malware detection and prevention technology and services.
Configure managed endpoints with properly configured software firewalls.
Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment.
Enable remote geo-location capabilities for all managed mobile endpoints.
Define, implement and evaluate processes, procedures and technical measures to enable the deletion of company data remotely on managed endpoint devices.
Define, implement and evaluate processes, procedures and technical and/or contractual measures to maintain proper security of third-party endpoints with access to organizational assets.