4.11: Enforce Remote Wipe Capability on Portable End-User Devices¶

Remotely wipe enterprise data from enterprise-owned portable end-user devices when deemed appropriate such as lost or stolen devices, or when an individual no longer supports the enterprise.

Asset Type	Security Function	Implementation Groups
Devices	Protect	2, 3

Dependencies¶

Safeguard 1.1: Establish and Maintain Detailed Enterprise Asset Inventory
Safegaurd 4.1: Establish and Maintain a Secure Configuration Process

Inputs¶

:code:`GV21: Portable end-user devices
GV3: Configuration standards

Operations¶

Use GV21 to identify and enumerate portable end-user devices that support remote wipe (M1)
Use GV3 to check configuration for remote wipe on portable devices capable of supporting as identified in Operation 1
1. Identify and enumerate portable devices with properly configured remote wipe (M2)
2. Identify and enumerate portable devices with improperly configured remote wipe (M3)

Measures¶

M1 = Count of portable devices capable of supporting remote wipe
M2 = Count of properly configured portable devices
M3 = Count of improperly configured portable devices

Metrics¶

Compliance of Remote Wipe¶

Metric	The percentage of portable devices with properly configured remote wipe.
Calculation	`M2 / M1`

4.11: Enforce Remote Wipe Capability on Portable End-User Devices¶

Dependencies¶

Inputs¶

Operations¶

Measures¶

Metrics¶

Compliance of Remote Wipe¶

CIS Controls Assessment Specification for Controls v8

Navigation

Related Topics