Asset Management & Lifecycle
- A centralized IT asset management system tracks hardware and software inventory across devices, with lifecycle management and check-in/check-out, extended to printers, IoT, and infrastructure.
- Software installation is controlled — local administrative rights are restricted and new installations are routed through the Help Desk — with software assets and licenses managed centrally.
- Hardware is standardized on approved models with a defined refresh lifecycle, and end-of-life operating systems are migrated before support deadlines.
Framework Alignment: NIST CSF ID.AM; CIS Control 1, 2; CMMC Level 1; GDPR Art. 32; ISO 27001:2022 A.5.9, A.8.19
Device Management & Operational Devices
- Endpoints follow hardened, CIS-aligned baseline builds, and local administrator passwords are uniquely managed.
- Mobile and endpoint device management enforces configuration and enables remote response.
- Operational and field devices (driver tablets, handheld scanners) are centrally managed with configuration enforcement and remote wipe.
Framework Alignment: NIST CSF PR.PS; CIS Control 4; GDPR Art. 32; ISO 27001:2022 A.8.1
Endpoint Detection & Response (EDR)
- Endpoint detection and response (EDR) is deployed across the workstation and server fleet, replacing legacy antivirus, with coverage extended to cloud compute.
- Detections are monitored and triaged; layered malicious-code protection spans email, web, servers, and endpoints.
- Real-time and periodic scanning detect and remediate malicious activity.
Framework Alignment: NIST CSF DE.CM, PR.PS; CIS Control 10; CMMC Level 1 (SI); GDPR Art. 32; ISO 27001:2022 A.8.7
Personal Device (BYOD) & Removable Media
- Use of personally owned devices for work is governed by a Personal Device Use Policy and the acceptable-use policy, with company-provided devices preferred and personal-device use limited to an as-needed basis.
- Personal devices must meet defined security requirements before access — encryption, screen-lock, current anti-malware/EDR, maintained operating systems, and no jailbroken/rooted devices — and every device is treated as untrusted by default, requiring validation before access is granted.
- Removable media is automatically scanned upon insertion, and endpoints are contained if malware is identified.
Framework Alignment: NIST CSF PR.AA, PR.PS, DE.CM; CIS Control 4, 10; CMMC Level 1; GDPR Art. 32; ISO 27001:2022 A.8.1, A.7.10