// Level 3 · Controls

Universal Endpoint Management

UEM domain controls.

UEM-01 Medium

Endpoint Devices Policy and Procedures

Establish, document, approve, communicate, apply, evaluate and maintain policies and procedures for all endpoints.

UEM-02 Medium

Application and Service Approval

Define, document, apply and evaluate a list of approved services, applications and sources of applications (stores) acceptable for use by endpoints when accessing or storing organization-managed data.

UEM-03 Medium

Compatibility

Define and implement a process for the validation of the endpoint device's compatibility with operating systems and applications.

UEM-04 Medium

Endpoint Inventory

Maintain an inventory of all endpoints used to store and access company data.

UEM-05 Medium

Endpoint Management

Define, implement and evaluate processes, procedures and technical measures to enforce policies and controls for all endpoints permitted to access systems and/or store, transmit, or process organizational data.

UEM-06 Medium

Automatic Lock Screen

Configure all relevant interactive-use endpoints to require an automatic lock screen.

UEM-07 Medium

Operating Systems

Manage changes to endpoint operating systems, patch levels, and/or applications through the company's change management processes.

UEM-08 High

Storage Encryption

Protect information from unauthorized disclosure on managed endpoint devices with storage encryption.

UEM-09 Medium

Anti-Malware Detection and Prevention

Configure managed endpoints with anti-malware detection and prevention technology and services.

UEM-10 Medium

Software Firewall

Configure managed endpoints with properly configured software firewalls.

UEM-11 Medium

Data Loss Prevention

Configure managed endpoints with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment.

UEM-12 Medium

Remote Locate

Enable remote geo-location capabilities for all managed mobile endpoints.

UEM-13 Medium

Remote Wipe

Define, implement and evaluate processes, procedures and technical measures to enable the deletion of company data remotely on managed endpoint devices.

UEM-14 Medium

Third-Party Endpoint Security Posture

Define, implement and evaluate processes, procedures and technical and/or contractual measures to maintain proper security of third-party endpoints with access to organizational assets.