Security Framework
7: IISF Functional Viewpoint
Figure 7-3: Functional Breakdown for Endpoint Protection
Endpoint Protection assures the availability, confidentiality and integrity of the functionality performed by the endpoint.
Endpoint security should consider at least these security functions:
Endpoint Physical Security provides physical protection of the endpoint with anti-tampering and theft prevention mechanisms to prevent uncontrolled changes or removal of the endpoint.
Endpoint Root of Trust provides a foundation to secure other functions at the endpoint, from the hardware to applications including firmware, virtualization layer, operating system, execution environment and application. It also provides confidence on the endpoint identity.
Endpoint Identity is based on the inherent properties of an endpoint that distinguishes it from other endpoints. Identity needs to be supported with evidence or testimonials that confirm the claim of identity, referred as credentials.
Endpoint Integrity Protection ensures the endpoint is in the configuration required to perform its functions predictably.
Endpoint Access Control ensures that proper identification, authentication and authorization is performed prior to granting any resources or services.
Endpoint Secure Configuration and management controls updates of security policy and configuration at the endpoint, including upgrades and patches of known vulnerabilities.
IIC: PUB: G4: V1.0: PB: 20160926- 49-