Perform Device Hardening



The security posture of the devices being used to access the service should be considered. As a minimum, organisations need to ensure that devices are fully patched, are not using administrative privileges, have malware defences in place and are collecting security logs.

Key Considerations

Mobile Device Management



  1. Directive on Security Management - Appendix B: Mandatory Procedures for Information Technology Security Control, subsections B.2.3.1, B., B.2.3.4
  2. SPIN 2017-01
  3. CSE Top 10
  4. Refer to CCCS ITSP.30.031 V2 User Authentication Guidance for Information Technology Systems
  5. Refer to the GC Password Guidance
  6. Refer to the ITPIN 2018-03