Remote work is becoming more prevalent, enhancing productivity and organizational performance. However, the growing reliance on telework introduces new cybersecurity risks, making it crucial to implement robust controls to safeguard remote systems. Recognizing this need, the National Cybersecurity Authority (NCA) developed the Telework Cybersecurity Controls (TCC) to ensure secure teleworking environments.
This guide highlights how Endpoint Central, ManageEngine's unified endpoint management and security solution, helps organizations comply with the Telework Cybersecurity Controls, a framework consisting of:
- 3 Main Domains
- 16 Subdomains
- 21 Main Controls
- 42 Sub-controls

Note: Organizations must view TCC as an extension of Essential Cybersecurity Controls.
Explore how Endpoint Central enables a secure, compliant telework environment while minimizing cyber risks.
S.No | Telework Cybersecurity Controls | How Endpoint Central helps |
---|---|---|
2-1 | Asset Management<br>To ensure that the organization has an accurate and detailed inventory of information and technology assets in order to support the organization’s cybersecurity and operational requirements to maintain the confidentiality, integrity, and availability of information and technology assets.<br>2-1-1-1 Identifying and maintaining an annually-updated Inventory of information and technology assets of the telework systems. | Endpoint Central has comprehensive asset management capabilities for both hardware and software. It can list the computers, hardware, software, and files stored in your network. |
2-3 | Information System and Processing Facilities Protection<br>To ensure the protection of information systems and information processing facilities (including workstations and infrastructures) against cyber risks.<br>2-3-1-1 Applying updates and security patches for telework systems at least once every three months.<br>2-3-1-2 Reviewing telework systems’ configurations and hardening at least once every year.<br>2-3-1-3 Reviewing and changing default configurations, and ensuring the removal of hard-coded, backdoor, and/or default passwords.<br>2-3-1-4 Securing Session Management, including the session authenticity, lockout, and timeout.<br>2-3-1-5 Restricting the activation of the features and services of the telework systems based on needs, provided that potential cyber risks are analyzed if there is a need to activate them. | Endpoint Central's architecture is designed to deploy patches to telework systems without consuming the organization's internet bandwidth.<br>Endpoint Central helps you comply with 75+ CIS benchmarks to secure telework systems.<br>Endpoint Central also helps admins provide fixes for zero-day vulnerabilities and security misconfigurations. |
2-4 | Network Security Management<br>To ensure the protection of the organization’s network from cyber risks.<br>2-4-1-1 Restrictions on network services, protocols, and ports used to access remotely, specifically to internal systems and to only be opened based on need.<br>2-4-1-2 Reviewing firewall rules and configurations, at least once every year.<br>2-4-1-3 Protecting against Distributed Denial of Service Attack (DDoS) attacks to limit risks arising from these attacks.<br>2-4-1-4 Protecting against Advanced Persistent Threats (APT) at the network layer. | Admins can perform port audits with Endpoint Central to identify ports that exhibit anomalous behavior.<br>Endpoint Central helps admins provide fixes for zero-day vulnerabilities and security misconfigurations.<br>Endpoint Central comes in handy for admins to configure Windows Firewall for end users. |
2-5 | Mobile Device Security<br>To ensure the protection of mobile devices (including laptops, smartphones, tablets) from cyber risks and to ensure the secure handling of the organization’s information (including sensitive information) while utilizing Bring Your Own Device (BYOD) policy.<br>2-5-1-1 Central management of mobile devices and BYODs using a Mobile Device Management system (MDM).<br>2-5-1-2 Applying updates and security patches on mobile devices, at least once every month. | Endpoint Central's MDM capability helps streamline updates for both mobile OS and applications.<br>Endpoint Central's BYOD policies ensure that personal and corporate data are separated and containerized in end-user devices.<br>Endpoint Central has Conditional Exchange Access to restrict access for unmanaged devices and permit only MDM-approved BYOD devices to access Exchange servers.<br>With Endpoint Central, you can permit BYOD devices to access Microsoft 365 apps that fulfill specific security conditions, OS, and patch versions and those that have passwords, DLP policies, and other requirements. |
2-6 | Data and Information Protection<br>To ensure the confidentiality, integrity, and availability of the organization’s data and information as per organizational policies and procedures, and related laws and regulations.<br>2-6-1-1 Identifying classified data, according to relevant regulations, that can be used, accessed, or dealt with through telework systems.<br>2-6-1-2 Protecting classified data, identified in control 2-6-1-1, using controls such as: not allowing the use of a specific type of classified data, or by the use of technology (e.g. Data Leakage Prevention), determined by analyzing the cyber risks of the organization. | Endpoint Central provides advanced data leakage prevention capabilities, allowing administrators to identify and categorize data while maintaining control over its flow within the IT environment. |
2-9 | Vulnerabilities Management<br>To ensure timely detection and effective remediation of technical vulnerabilities to prevent or minimize the probability of exploiting these vulnerabilities to launch cyber attacks against the organization.<br>2-9-1-1 Assessing vulnerabilities on technical components of telework systems and classifying them based on criticality at least once every three months.<br>2-9-1-2 Remediating vulnerabilities for telework systems, at least once every three months. | Endpoint Central delivers comprehensive vulnerability management with continuous threat assessment and centralized visibility of risks.<br>Endpoint Central enables risk-based vulnerability management, allowing administrators to prioritize vulnerabilities based on criteria such as CVSS scores, CVE impact types, patch availability, and other relevant factors. |