Does your organization deploy endpoint security solutions that can detect security issues and enforce remediation before granting network access?
Explanation
Endpoint posture checks are the subject, specifically whether your endpoint security can detect issues like missing patches or malware and enforce remediation before a device joins the network. These solutions, often called Network Access Control (NAC) or endpoint compliance systems, can automatically quarantine or redirect non-compliant devices to a remediation environment where issues can be fixed before granting full network access.
Evidence of fulfillment could include documentation of your NAC solution configuration, screenshots of the management console showing policy enforcement rules, remediation workflows, and reports showing endpoints that were quarantined and subsequently remediated before being granted access.
Implementation Example
Use technologies with a presence on endpoints to detect cyber health issues (e.g., missing patches, malware infections, unauthorized software), and redirect the endpoints to a remediation environment before access is authorized
ID: DE.CM-09.289
Context
- Function
- DE: DETECT
- Category
- DE.CM: Continuous Monitoring
- Sub-Category
- Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events
Related questions
- Does your organization have a system in place to monitor DNS, BGP, and other critical network services for suspicious or malicious activities?
- Does your organization implement network monitoring controls to detect and alert on unauthorized endpoint connections to both wired and wireless networks?
- Does your organization have a process to regularly monitor facilities for unauthorized or rogue wireless networks?
- Does your organization regularly compare actual network traffic flows against established baselines to detect and investigate deviations?
- Does your organization continuously monitor network communications to detect changes in security postures as part of a zero trust architecture?
- Does your organization monitor physical access control logs for unusual patterns and failed access attempts?

