Workstation

Workstation

MedStack Confidential

Metadata

responsible officer: CTO
approved by: CTO
date
- effective: 2018-06-20
- revised: 2020-08-05
- reviewed: 2022-08-31
Applicability: standard

Automatically manage workstation computers using Mobile Device Management (MDM) software

Require and enforce device protections
- full-disk encryption of data on all devices (such as phones and laptops)
- strong authentication
- automatic screen lock for unattended devices
- software and firmware updates from the vendor
- remote wipe

Protect information from unauthorized view

Papers and removable media
- store out of site when they are unattended
When working in a public environment such as a coffee shop
- Shield the screen and keyboard from view when entering or viewing secrets.

Enforcement

Responsible party: All managers and supervisors
sanctions: standard

References

Code	Section	Title
ISO	A.11.2.8	Unattended user equipment
ISO	A.11.2.9	Clear desk and clear screen policy
HIPAA	164.310(b)	Standard: Workstation use
HIPAA	164.310(c)	Standard: Workstation security
SOC2	CC6.4	The entity restricts physical access to facilities and protected information assets (for example, data center facilities, back-up media storage, and other sensitive locations) to authorized personnel to meet the entity’s objectives.
SOC2	CC6.5	The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s objectives.
SOC2	CC6.5	The entity discontinues logical and physical protections over physical assets only after the ability to read or recover data and software from those assets has been diminished and is no longer required to meet the entity’s objectives.
SOC2	A1.2	The entity authorizes, designs, develops or acquires, implements, operates, approves, maintains, and monitors environmental protections, software, data back-up processes, and recovery infrastructure to meet its objectives.