END — Endpoint Security
47 controls in the Endpoint Security domain
END-01Endpoint Device Management (EDM)
END-01.1Unified Endpoint Device Management (UEDM)
END-02Endpoint Protection Measures
END-03Prohibit Installation Without Privileged Status
END-03.1Software Installation Alerts
END-03.2Governing Access Restriction for Change
END-04Malicious Code Protection (Anti-Malware)
END-04.1Automatic Antimalware Signature Updates
END-04.2Documented Protection Measures
END-04.3Centralized Management of Antimalware Technologies
END-04.4Heuristic / Nonsignature-Based Detection
END-04.5Malware Protection Mechanism Testing
END-04.6Evolving Malware Threats
END-04.7Always On Protection
END-05Software Firewall
END-06Endpoint File Integrity Monitoring (FIM)
END-06.1Integrity Checks
END-06.2Endpoint Detection & Response (EDR)
END-06.3Automated Notifications of Integrity Violations
END-06.4Automated Response to Integrity Violations
END-06.5Boot Process Integrity
END-06.6Protection of Boot Firmware
END-06.7Binary or Machine-Executable Code
END-06.8Extended Detection & Response (XDR)
END-07Host Intrusion Detection and Prevention Systems (HIDS / HIPS)
END-08Phishing & Spam Protection
END-08.1Central Management
END-08.2Automatic Spam and Phishing Protection Updates
END-09Trusted Path
END-10Mobile Code
END-11Thin Nodes
END-12Port & Input / Output (I/O) Device Access
END-13Sensor Capability
END-13.1Authorized Use
END-13.2Notice of Collection
END-13.3Collection Minimization
END-13.4Sensor Delivery Verification
END-14Collaborative Computing Devices
END-14.1Disabling / Removal In Secure Work Areas
END-14.2Explicitly Indicate Current Participants
END-14.3Participant Identity Verification
END-14.4Participant Connection Management
END-14.5Malicious Link & File Protections
END-14.6Explicit Indication Of Use
END-15Hypervisor Access
END-16Restrict Access To Security Functions
END-16.1Host-Based Security Function Isolation