At a glance
NEXT AI enforces full-disk encryption, screen lock, current security updates, anti-malware/antivirus, personal firewall, encrypted SSH keys, and approved password managers across corporate endpoints. Removable media and offline backups are prohibited. Devices are monitored centrally (Drata).
Fleet management (continuous checks)
Full-disk encryption
Screen lock enabled
Latest security updates installed
Malware detection / antivirus
Personal firewall
Encrypted SSH keys
Password management software (approved)
Device hardening & patching
Systems follow secure configuration baselines (CIS Benchmarks) and vendor hardening guidance; defaults are changed, unnecessary services are disabled, logging is enabled, and patches are applied based on criticality.
Access & authentication (workstations/laptops)
MFA required for remote access; unique IDs, strong passwords, and automatic logoff/screen lock enforced; least-privilege applies to software installation.
Malware protection
Anti-malware is installed and enabled on endpoints; definitions update automatically; email/web/downloads are scanned; security tooling must not be disabled.
Removable media & offline backups
Use of removable media and offline backups is prohibited to reduce data-loss and malware risk; removable media is restricted to authorized personnel only.
Lost or stolen devices
Report immediately; encryption reduces exposure; remote wipe is enabled where possible for mobile devices.
Asset inventory
Company-owned devices are inventoried in Drata; devices can be secure-wiped when repurposed or compromised.
FAQ
Q: Do you allow BYOD?
Where business needs require it, BYOD must meet the same controls (e.g., device encryption, screen lock, anti-malware, remote-wipe if possible) before accessing company data.
Q: How is encryption enforced on laptops?
Endpoints are continuously monitored for full-disk encryption as part of fleet checks; unencrypted devices are out of policy.
Q: Which hardening standard do you follow?
CIS Benchmarks provide the baseline for secure configuration; vendor hardening guidance is applied as appropriate.
Q: What happens if a device is lost or stolen?
Report it immediately; encryption limits exposure and remote wipe is initiated where supported.
Q: Can users install their own software?
Only approved software is permitted; installation follows least-privilege rules.
Q: Are USB drives allowed?
No. Removable media and offline backups are prohibited to mitigate data-loss and malware risk.