| Endpoint Security | Mechanisms exist to facilitate the implementation of endpoint security controls. | |
| Endpoint Protection Measures | Mechanisms exist to protect the confidentiality, integrity, availability and safety of endpoint devices. | |
| Prohibit Installation Without Privileged Status | Automated mechanisms exist to prohibit software installations without explicitly assigned privileged status. | |
| Software Installation Alerts | Mechanisms exist to generate an alert when new software is detected. | |
| Governing Access Restriction for Change | Mechanisms exist to define, document, approve and enforce access restrictions associated with changes to systems. | |
| Malicious Code Protection (Anti-Malware) | Mechanisms exist to utilize antimalware technologies to detect and eradicate malicious code. | |
| Automatic Antimalware Signature Updates | Mechanisms exist to automatically update antimalware technologies, including signature definitions. | |
| Centralized Management of Antimalware Technologies | Mechanisms exist to centrally manage antimalware technologies. | |
| Heuristic / Nonsignature-Based Detection | Mechanisms exist to utilize heuristic / nonsignature-based antimalware detection capabilities. | |
| Always On Protection | Mechanisms exist to ensure that anti-malware technologies are continuously running in real-time and cannot be disabled or altered by non-privileged users, unless specifically authorized by management on a case-by-case basis for a limited time period. | |
| Software Firewall | Mechanisms exist to utilize host-based firewall software, or a similar technology, on all information systems, where technically feasible. | |
| Endpoint File Integrity Monitoring (FIM) | Mechanisms exist to utilize File Integrity Monitor (FIM), or similar technologies, to detect and report on unauthorized changes to selected files and configuration settings. | |
| Integrity Checks | Mechanisms exist to validate configurations through integrity checking of software and firmware. | |
| Endpoint Detection & Response (EDR) | Mechanisms exist to detect and respond to unauthorized configuration changes as cybersecurity incidents. | |
| Host Intrusion Detection and Prevention Systems (HIDS / HIPS) | Mechanisms exist to utilize Host-based Intrusion Detection / Prevention Systems (HIDS / HIPS), or similar technologies, to monitor for and protect against anomalous host activity, including lateral movement across the network. | |
| Phishing & Spam Protection | Mechanisms exist to utilize anti-phishing and spam protection technologies to detect and take action on unsolicited messages transported by electronic mail. | |
| Trusted Path | Mechanisms exist to establish a trusted communications path between the user and the security functions of the operating system. | |
| Restrict Access To Security Functions | Mechanisms exist to ensure security functions are restricted to authorized individuals and enforce least privilege control requirements for necessary job functions. | |