Apply Protection Measures on Endpoint Devices
Objective
Prevent malware from running on devices by keeping them well-configured, patched and up to date.
Description
- Centrally manage devices in order to only permit applications trusted by the enterprise to run on devices.
- Use antivirus or anti-malware tools set to automatically scan emails and flash drives, and keep the software (and its definition files) up to date.
- Configure host-based and network firewalls, disallowing inbound connections by default.
- Implement cyber defense tools and technology (e.g., CCCS host-based sensors).
- Use the latest versions of operating systems and applications to take advantage of the latest security features.
- Disable macros to decrease the risk of ransomware being spread through Microsoft Office attachments.
- Scan hardware, software, and operating system for vulnerabilities and apply patches and updates to mitigate the risk of the vulnerabilities being exploited by a threat actor, in alignment with GC Patch Management Guidance.
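The following read-only PowerShell audit is an added example, not part of the guidance: it checks three of the measures above (inbound connections blocked by default, anti-malware definitions kept current, Office macros disabled) on a single endpoint. It assumes Windows with Microsoft Defender and the Office 16.0 policy hive (Office 2016 and later); the three-day signature threshold is a constructed value.

```powershell
# Added example, not from the guidance: read-only checks, changes nothing.
# Assumes Windows, Microsoft Defender, Office policy hive 16.0 (2016 and later).
$MaxSignatureAgeDays = 3   # assumed threshold, set it to local policy

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Pass, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail })
}

# Host firewall: every profile enabled, inbound blocked by default.
# ActiveStore returns the effective settings, Group Policy included.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $ok = ("$($p.Enabled)" -eq 'True') -and ("$($p.DefaultInboundAction)" -eq 'Block')
    Add-Result "Firewall/$($p.Name)" $ok "Enabled=$($p.Enabled) Inbound=$($p.DefaultInboundAction)"
}

# Anti-malware: real-time protection on, definitions recent.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $ok = $mp.RealTimeProtectionEnabled -and ($mp.AntivirusSignatureAge -le $MaxSignatureAgeDays)
    Add-Result 'Defender' $ok "RealTime=$($mp.RealTimeProtectionEnabled) SignatureAgeDays=$($mp.AntivirusSignatureAge)"
} catch {
    Add-Result 'Defender' $false 'Get-MpComputerStatus unavailable (another product may be in use)'
}

# Office macros, per-user policy. VBAWarnings: 1 = enable all, 2 = disable with
# notification, 3 = disable except digitally signed, 4 = disable all silently.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $pol = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $vba = if ($pol) { $pol.VBAWarnings } else { $null }
    $detail = if ($null -eq $vba) { 'VBAWarnings not set by policy' } else { "VBAWarnings=$vba" }
    Add-Result "Macros/$app" ($vba -in 3, 4) $detail
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit for a management tool to collect
```

Run it as a script in the context of the user being audited, since the macro policy keys are read from that user's hive.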
References
TBS
- DSD Appendix G - Endpoint Management Configuration Requirements (5, 5.1, 5.2, 5.3, 9, 10 and 11)
- DSD Appendix G - System Management Configuration Requirements (1)
- DSM Appendix B (B.2.3.7)
- GC Patch Management Guidance (3.1.7)
CCCS
Related Security Controls (ITSG-33)
SI-2, SI-3, SI-4, SI-4(23), RA-5