Article 51 – Endpoint Security Policy
49080.4 Policy Directives
-
CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) shall ensure that:
-
All CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) endpoints are identified and endpoint asset inventories are documented and continually updated.
-
Risks to individual CDCRCalifornia Department of Corrections and Rehabilitation / CCHCS / CALPIACalifornia Prison Industry Authority (formerly PIA) endpoint device types and the data they access, process, and store are assessed.
-
The requisite endpoint protection controls, as referenced in the Statewide Information Management Manual, are implemented and maintained to mitigate risks to each endpoint.
-
Endpoint protection controls include people (asset users), processes, and technology controls.
-
Endpoint protection controls are continuously monitored.
-
Endpoint protection controls are reviewed at least annually.
-