UEM-04: Endpoint Inventory

CSF v1.1 References:

PF v1.0 References:

Info icon.

Control is new to this version of the control set and incorporates the following item from the previous version: MOS-09: Device Inventory.

Control Statement

Maintain an inventory of all endpoints used to store and access company data.

Implementation Guidance

All organizational endpoint systems should be identified and protected. In addition, a policy against the inventory should be established and documented (including scan type, number of scans, schedule, and exceptions/exclusions). An inventory of all mobile devices used to store and access company data should be kept and maintained. Include all device status changes (i.e., operating system, patch levels, lost/decommissioned status, and to whom the device is assigned or approved for usage [BYOD]) in the inventory. A documented list of approved application stores should be defined as acceptable for mobile devices accessing or storing provider-managed data.

Auditing Guidance

  1. Examine the asset register, with reference to endpoints.
  2. Determine if endpoints that store and access company data are tagged and included in the asset inventory.

[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.