What is an MDM?
Mobile Device Management is any software that allows IT to automate, control, and secure administrative policies on laptops, smartphones, tablets, or any other device connected to an organization’s network.
Is an MDM required?
A Mobile Device Manager (MDM) is not a hard requirement for any framework; however, it simplifies the requirements for device management within the company. We recommend getting an MDM solution because it simplifies enforcing requirements (e.g. OS patching, anti-malware management, configuration management, etc.) for each employee's device.
What MDMs does Secureframe integrate with?
Secureframe has integrations with many different MDM providers. Below you will see the MDMs we currently support. (Note: see our full list of Integrations here.)
To find out more about some popular MDM tools Secureframe integrates with, please follow the article links below:
(Note: Some articles may require signing in. Please sign in using your Secureframe credentials or social sign-in to access additional content)
Popular MDMs
Not using an MDM?
Secureframe offers the Secureframe Agent, free for our customers to use. The Secureframe Agent is a read-only agent designed to help your organization be secure by reporting on key device settings. To read more on the Secureframe Agent, please follow the link below:
How does the Secureframe Agent work?
Mac Users with no MDM
If you are using XProtect as the baseline endpoint security software for Mac computers, use the guidance below to help collect the required evidence once the auditor has selected their sample from the population.
Antivirus Check
For the test "Anti-malware enforcement for user endpoints"
1. Go to "System Settings"
2. Go to "General" and then "About"
3. Click "System Report" at the bottom
4. Scroll down to Software and click "Installations"
5. Under "Software Name", scroll down to the latest version of XProtect and take a screenshot of the visual below. Be sure the date is showing in the screenshot.
Password Check
For the test "Password policy on user endpoints"
1. Go to "System Preferences"
2. Go to "Users & Groups" and click on the “i” for the user
3. Change password to show that a password is required prior to accessing the operating system on the laptop/computer.
4. Take a screenshot and make sure to have the date showing as well.
HD Encryption
For the test "Hard drive encryption for user endpoints"
1. Go to "System Settings"
2. Go to "Privacy & Security"
3. Scroll down to "FileVault", take a screenshot, and upload it to the relevant test. Be sure to include the date in the screenshot.
Who should install the MDM?
If utilizing an MDM, it should be installed on all company-issued devices (mobile and tablets can be left out of scope).
- All employees will need to have an MDM in place.
- Contractors that do not have access to the production environment or sensitive customer information (information beyond customer name or basic information) are out of scope for the MDM solution.
What are the recommended MDM settings?
- Enable remote lock (default for most MDM software)
- Enable hard disk encryption (i.e. FileVault)
- Require OS updates to be installed
- Require automatic software updates
- Require anti-virus / anti-malware
  - Windows Defender
  - macOS XProtect (on by default)
- Start screensaver after: 15 minutes
- Require password
  - Require alphanumeric / complex password
  - Minimum password length: 8 characters
  - Maximum grace period: immediately
  - Maximum password age: 6 months
- Install 1Password as a custom application if available
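The recommended settings and scoping rules above can be checked against a device inventory export. The following is an added example, not Secureframe or MDM vendor code; every field name and the sample inventory are hypothetical and constructed for illustration.

```python
# Added example: field names are hypothetical, not any MDM vendor's schema.
REQUIRED_ON = ["remote_lock", "disk_encryption", "os_updates_required",
               "auto_software_updates", "anti_malware", "password_required",
               "complex_password"]
# Numeric limits from the recommended settings. Assumption: a screensaver
# delay or password age of 0 means "never", so 0 fails those two checks.
LIMITS = {
    "screensaver_minutes": lambda v: 0 < v <= 15,
    "min_password_length": lambda v: v >= 8,
    "grace_period_minutes": lambda v: v == 0,  # "immediately"
    "max_password_age_months": lambda v: 0 < v <= 6,
}


def in_scope(owner):
    """Employees are in scope; contractors only with production or sensitive-data access."""
    if owner.get("type") == "employee":
        return True
    return bool(owner.get("production_access") or owner.get("sensitive_data_access"))


def failed_checks(device):
    """Return baseline items the device fails; an unreported setting counts as a failure."""
    failures = [f for f in REQUIRED_ON if device.get(f) is not True]
    for field, ok in LIMITS.items():
        value = device.get(field)
        if isinstance(value, bool) or not isinstance(value, (int, float)) or not ok(value):
            failures.append(field)
    return failures


def audit(fleet):
    """Map hostname -> failed checks for each in-scope device."""
    return {d["hostname"]: failed_checks(d) for d in fleet if in_scope(d["owner"])}


# Constructed sample inventory.
COMPLIANT = {"hostname": "emp-mac-01", "owner": {"type": "employee"},
             **dict.fromkeys(REQUIRED_ON, True),
             "screensaver_minutes": 15, "min_password_length": 8,
             "grace_period_minutes": 0, "max_password_age_months": 6}
FLEET = [
    COMPLIANT,
    dict(COMPLIANT, hostname="emp-win-02", disk_encryption=False, max_password_age_months=12),
    dict(COMPLIANT, hostname="ctr-mac-03", owner={"type": "contractor"}, anti_malware=False),
]

if __name__ == "__main__":
    for host, failures in audit(FLEET).items():
        print(host, "OK" if not failures else "FAIL: " + ", ".join(failures))
```

The contractor device is skipped because its owner has neither production nor sensitive-data access, and a device that does not report a setting at all is flagged rather than assumed compliant.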