Is an MDM required?
An MDM is not a hard requirement for any framework; however, it simplifies meeting the requirements for device management within the company. We recommend getting an MDM solution because it simplifies enforcing requirements (e.g. OS patching, antimalware management, configuration management) for each employee's device.
Who should install the MDM?
If you use an MDM, it should be installed on all company-issued devices (mobile phones and tablets can be left out of scope).
- All employees will need to have an MDM in place.
- Contractors who do not have access to the production environment or sensitive customer information (information beyond customer name or basic information) are out of scope for the MDM solution.
What are the recommended MDM settings?
- Enable remote lock (default for most MDM software)
- Enable hard disk encryption (e.g. FileVault)
- Require OS updates to be installed
- Require automatic software updates
- Require anti-virus / anti-malware
  - Windows Defender
  - macOS XProtect (on by default)
- Start screensaver after: 15 minutes
- Require password
- Require alphanumeric / complex password
- Minimum password length: 8 characters
- Maximum grace period: immediately
- Maximum password age: 6 months
- Install 1Password as a custom application if available
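
The recommended settings can be checked against a device inventory export, as in this added example (not taken from any MDM product). The inventory field names and sample devices are hypothetical, and "6 months" is assumed to mean 183 days.

```python
from typing import Any, Callable

MAX_PASSWORD_AGE_DAYS = 183  # assumption: "6 months" expressed as days

def is_true(v: Any) -> bool:
    return v is True

def between(lo: int, hi: int) -> Callable[[Any], bool]:
    # type() check so that booleans are not accepted as integers
    return lambda v: type(v) is int and lo <= v <= hi

# (hypothetical inventory field, check, recommended setting it enforces)
RULES = [
    ("remote_lock", is_true, "remote lock"),
    ("disk_encrypted", is_true, "hard disk encryption"),
    ("os_updates_required", is_true, "OS updates"),
    ("auto_software_updates", is_true, "automatic software updates"),
    ("antimalware_active", is_true, "anti-virus / anti-malware"),
    ("screensaver_minutes", between(1, 15), "screensaver after 15 minutes"),
    ("password_required", is_true, "password required"),
    ("password_complex", is_true, "alphanumeric / complex password"),
    ("password_min_length", between(8, 10**6), "minimum password length 8"),
    ("grace_period_seconds", between(0, 0), "grace period immediately"),
    ("password_max_age_days", between(1, MAX_PASSWORD_AGE_DAYS),
     "maximum password age 6 months"),
]

def in_scope(device: dict) -> bool:
    # Company-issued devices are in scope; mobile and tablets may be left out.
    return (device.get("company_issued") is True
            and device.get("kind") not in ("mobile", "tablet"))

def audit(device: dict) -> list[str]:
    # A missing field fails its rule: unknown posture is not compliant posture.
    return [name for field, ok, name in RULES if not ok(device.get(field))]

def report(inventory: list[dict]) -> dict[str, list[str]]:
    return {d["host"]: audit(d) for d in inventory if in_scope(d)}

# Constructed sample inventory (not real devices).
GOOD = {"company_issued": True, "kind": "laptop", "screensaver_minutes": 15,
        "password_min_length": 12, "grace_period_seconds": 0,
        "password_max_age_days": 180,
        **{f: True for f, check, _ in RULES if check is is_true}}
SAMPLE = [
    {"host": "lt-001", **GOOD},
    {"host": "lt-002", **GOOD, "screensaver_minutes": 30, "grace_period_seconds": 5},
    {"host": "lt-003", **{k: v for k, v in GOOD.items() if k != "disk_encrypted"}},
    {"host": "tab-01", "company_issued": True, "kind": "tablet"},
]
```

Calling `report(SAMPLE)` returns, for each in-scope host, the list of settings that failed; an empty list means the device meets the baseline.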