Harden and centrally manage endpoint devices to protect Technology Assets, Applications, Services and Data (TAASD) from unauthorized access, compromise and disruption.
Organizations protect endpoint devices and associated data through secure configuration, access control, malware protection, monitoring, response and lifecycle management practices aligned with applicable security, compliance and resilience obligations.
Endpoints are the primary attack surface for most threat actors. Phishing, malware delivery, credential theft and lateral movement all typically involve endpoints at some stage. The END domain governs the discipline of hardening and centrally managing those devices, including secure configuration, access control, malware protection, monitoring, response capabilities and lifecycle management.
The SCF's intent for END makes central management a requirement, not a preference. Endpoints that are self-managed or only sporadically connected to corporate management infrastructure represent gaps in visibility and control. BYOD policies that allow personal devices without management controls extend the attack surface into environments the organization cannot secure or monitor.
END connects to Mobile Device Management (MDM) but the two domains serve different populations. MDM governs mobile-specific risks including device ownership models, mobile data storage and remote management requirements. END addresses the broader endpoint population including desktops, laptops, servers and virtual workstations under a unified hardening and management framework.