Endpoint Security
Public workspace security
Shared workspace endpoints are physically protected against tampering with or removal of the hardware.
Screen lock
When a workstation is left unattended, the session/screen is locked automatically after a maximum of 15 minutes and the user is prompted for re-authentication.
Memory protection
Endpoints have appropriate protections to prevent attacks on memory.
Local privileged accounts
Regular end-users do not have continuous privileged access to endpoints, including but not limited to the ability to modify organisationally managed system settings, change environment variables, directly modify the...
Anti-Malware protection
Preventive, detective and corrective measures are in place (especially up-to-date security patches and virus control) across the organisation to protect information systems and technology from malware (e.g., viruses, worms, spyware,...
Scripts and Executables
Unless necessary for executing job responsibilities, by default user endpoints do not allow the execution of scripts and executables. If the function necessitates this access, it will be documented and...