ISO/IEC 27001 Control 8.1: User endpoint devices


Information stored on, processed by or accessible via user endpoint devices should be protected.

Necessity of MidPoint

MidPoint is optional for implementation of this control.

Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.

Implementation Overview

MidPoint provides mechanisms to manage non-human identities, which can assist in the management of user endpoint devices.

Implementation Details

MidPoint can manage non-human identities, such as desktop computers, mobile devices and other user endpoint devices. Device identities can be synchronized from authoritative data sources (such as devices registered in Active Directory), or maintained manually in midPoint. Organizational structure and role-based access control (RBAC) can be used to set up policies on endpoint device use, e.g. allowing bring-your-own-device (BYOD) only for selected organizational units or roles. The information classification mechanism can be used to record the classification level of each device, and that level can then be used in the policies.


This control deals with remote software maintenance, updates, malware protection, personal firewalls and similar mechanisms, which are mostly out of reach of midPoint. However, midPoint can still provide interesting advantages for management of endpoint devices.
