Let's explore Center for Internet Security Controls or CISControls, which have become an industry standard to help businesses and organizations of all sizes maintain a best practice standard of Cybersecurity controls.

Safeguard 4.12 wraps up our journey through Control 4, which covers securing your configuration of enterprise assets and software. Safeguard 4.12 specifically calls for a separate enterprise workspace on mobile end-user devices.

This is where a virtual "work profile" is created on a mobile device that keeps the end users personal apps separate from your work apps and data. While both Apple configuration profile and Android Work Profile work out of the box, VMware's Workspace One is one of numerous Mobile Device Management Platforms that can help you check this box off.

For the majority of businesses and organizations this is overkill unless you are working with lots of confidential or top secret data. Eve the Safeguard 4.12 is only required if you are looking to achieve Implementation Group 3 Status.

If you can check off 4.1 through 4.11 then you are in a very good state, even without meeting 4.12.

Safeguard 4.12 is also related to NIST 800-53 Revision 5 in AC-19(5) on Full Device or Container-based encryption ad SC-39 on Process Isolation. You can also find it in NIST 800-171 Revision 2 in 3.1.19 on Encrypting CUI on mobile devices and mobile computing platforms.

If you're in the CMMC conversation then look for it in under Access Control (AC) level 2.