ISO/IEC 27001 Control 7.9: Security of assets off-premises
Control
Off-site assets should be protected.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint provides mechanisms to manage non-human identities, such as mobile devices.
Implementation Details
MidPoint can manage non-human identities, such as identities for mobile devices (BYOD) or other off-premises assets. MidPoint can maintain an inventory of the devices and other off-premises assets, using archetypes to distinguish individual asset types. Assignments and linked object features can be used to track possession of devices, or responsibility for assets. MidPoint can automatically manage the permissions that devices need to access information in applications (technical accounts), automatically provisioning and de-provisioning the access. The audit trail can be used to record changes in device possession, keeping a log of device transfers.
Rationale
This control is mostly about physical security, which is outside the reach of midPoint. However, midPoint can provide capabilities to inventory and manage mobile device identities.