
1. Overview

AM-12 Removable Media and Endpoint Devices

Designation Standard
AM-12.01B Based on a risk assessment (cf. OIS-07), the cloud service provider designs, implements and maintains controls for endpoint devices and removable storage media regarding the following aspects:

1. Except for system administrative tasks for which no other method is available, the use of removable media is forbidden;
2. Removable media is used for dedicated, specific purposes only;
3. Storage encryption is enabled on managed endpoints and removable storage media (except those used for unavoidable system administration actions) to protect information from unauthorised disclosure;
4. Managed endpoints are configured with anti-malware detection and prevention technology and services;
5. Self-execution from removable storage is disabled and storage media is scanned before use on the cloud service provider's systems;
6. Measures are to be taken by users to protect mobile endpoints and removable storage in transit and in storage;
7. Protection in terms of confidentiality and integrity of any equipment containing cloud service customer data during the transfer off-site for disposal is equivalent to that on the site;
8. Cloud service customer data and cloud service derived data stored on shareable equipment is encrypted in accordance with CRY-05 or destroyed using a secure deletion mechanism before the equipment is shared with a third party;
9. Users are to use mobile endpoints and removable storage in a secure manner, which includes, for example, not leaving media openly accessible in public spaces, using screen locks and screen privacy films; and
10. Measures for maintaining proper security of third party endpoints with access to organisational assets are to be defined.


A removable medium is a portable data storage medium that can be added to or removed from a computing device or network. Examples include, but are not limited to, optical discs (e.g., CD, DVD, Blu-ray), external or removable hard drives or solid state disk drives, magnetic or optical tapes and flash memory devices (e.g., USB, eSATA, flash drive, thumb drive).
AM-12.01AC Policies and procedures for endpoint devices and removable storage media furthermore contain the following aspects:

1. Managed endpoints are configured with appropriate software firewalls;
2. Managed endpoints are configured with Data Loss Prevention (DLP) technologies and rules in accordance with a risk assessment (cf. OIS-07);
3. Remote geo-location capabilities are enabled for all managed mobile endpoints; and
4. Define, implement and evaluate processes, procedures and technical safeguards to enable the deletion of company data remotely on managed endpoint devices.



1.1 References

1.2 Identified Requirements

1.2 Related Regulation

2. Identified Requirements

Requirements
Source Requirement

3. Related Regulations

Regulations
Source Regulation