Maintain an inventory of all endpoints used to store and access company data.
All organizational endpoint systems should be identified and protected. In addition, a policy against the inventory should be established and documented (including scan type, number of scans, schedule, and exceptions/exclusions). An inventory of all mobile devices used to store and access company data should be kept and maintained. Include all device status changes (i.e., operating system, patch levels, lost/decommissioned status, and to whom the device is assigned or approved for usage [BYOD]) in the inventory. A documented list of approved application stores should be defined as acceptable for mobile devices accessing or storing provider-managed data.
- Examine the asset register, with reference to endpoints.
- Determine if endpoints that store and access company data are tagged and included in the asset inventory.
[csf.tools Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]
Cloud Control Matrix is Copyright 2023 Cloud Security Alliance.