The Center for Internet Security Controls or hashtag#CISControls have become an industry standard to help businesses and organizations of all sizes to maintain an industry standard of hashtag#Cybersecurity controls.

Today we explore CIS Control Safeguard 4.11 which just like 4.10 is one that everyone should consider applying but is only required in Implementation Groups 2 and 3. Safeguard 4.11 is the enforcement of remote wipe capability on portable end-user devices.

Yes, the ability to remotely wipe enterprise data from enterprise-owned portable end-user devices when deemed appropriate such as a lost or stolen device, or when an individual no longer supports the enterprise.

This isn't new, in fact Exchange I remember at least back to Exchange Server 2010 where if E-Mail was connected to the device we had the capability of remote wipe. With Exchange ActiveSync v16.1 you have the Wipe Data or the Account Only Remote Wipe Device which is important. With Native iOS or Android device the Wipe Data wipes all data on the device including photos, personal files, and so on. The Account Only Remote Wipe Device command will only wipe the native mail app's exchange ActiveSync mail, calendar, and account data.

And yes, if you have Microsoft 365, Exchange Server, and even Google Workspace has functionality to remote wipe portable end-user devices. So if you're using one of those services, pull out your CIS Checklist and mark it off 4.11 as compliant!