Skip to content

Endpoint Security Standard

Organization: FrontRunnerHC, Inc. (FRHC)
Parent Policy Reference: Summit Technology Holdings – Endpoint Security Policy
Framework Reference: Secure Controls Framework – Endpoint Security (END)


This standard defines how FrontRunnerHC (FRHC) implements the enterprise-wide Endpoint Security requirements established by Summit Technology Holdings, LLC (STH). It documents the controls and practices used to protect servers, workstations, laptops, and other endpoint devices from threats and to safeguard data and systems from unauthorized access or compromise.


This standard applies to all endpoints managed by FRHC, including physical and virtual servers, desktop workstations, laptops, and authorized personal devices connected to the FRHC network. It applies to on-premises systems at the Evocative datacenter, cloud-based virtual machines, and remote devices used by the FRHC workforce.


FRHC employs a comprehensive set of security controls to manage endpoint security across all device types. Employees are required to prevent unintended exposure, modification, or removal of private, copyrighted, or confidential information. Business information must be stored in a manner that enables authorized backup services to protect it. Administrative access is restricted in accordance with the principle of least privilege.

  • Parent Policy Mapping: STH Endpoint Security Policy, Section 3.1
  • SCF Mapping: END-01 (Endpoint Device Management (EDM))

Endpoint devices must be secured with appropriate authentication controls before connecting to the FRHC network or accessing company data. Operating system and application software must be kept current with security-related patches as soon as practicable. Systems without required patches or infected by malware must be disconnected from the company network. All externally supplied computer-readable files must be decrypted and scanned prior to use. All software and files downloaded from external sources must be scanned with malicious software detection software prior to execution. Removable media auto-run must be disabled. Personal devices authorized to connect to the FRHC network must comply with this standard.

  • Parent Policy Mapping: STH Endpoint Security Policy, Section 3.2
  • SCF Mapping: END-02 (Endpoint Protection Measures)

3.3 Malicious Code Protection (Anti-Malware)

Section titled “3.3 Malicious Code Protection (Anti-Malware)”

All endpoint devices capable of running security software are required to do so before connecting to the FRHC network. Anti-malware software must run the latest definition updates, be configured for automatic updates, and provide always-on protection. Behavior-based, centrally managed anti-malware software is deployed across the enterprise. Disabling or removing security software, or preventing updates, is prohibited. Anti-exploitation features are enabled on enterprise assets and software where possible. Anti-malware software is configured to automatically scan removable media upon connection.

  • Parent Policy Mapping: STH Endpoint Security Policy, Section 3.3
  • SCF Mapping: END-04 (Malicious Code Protection (Anti-Malware))

Where technically feasible, all endpoint devices employ host-based software firewall software to protect the device from external threats. All firewalls and routers used on the company network are configured in accordance with FRHC’s router and firewall procedures to ensure network and data security.

  • Parent Policy Mapping: STH Endpoint Security Policy, Section 3.4
  • SCF Mapping: END-05 (Software Firewall)

3.5 Endpoint File Integrity Monitoring (FIM)

Section titled “3.5 Endpoint File Integrity Monitoring (FIM)”

A File Integrity Monitoring (FIM) solution is deployed on all servers to monitor and validate the integrity of the operating system using verification comparisons between current file states and an approved baseline. Unauthorized changes detected by FIM generate alerts to system administrators for analysis and response.

  • Parent Policy Mapping: STH Endpoint Security Policy, Section 3.5
  • SCF Mapping: END-06 (Endpoint File Integrity Monitoring (FIM))

FRHC maintains evidence supporting endpoint security controls, including anti-malware configurations and update logs, FIM alert records, firewall settings, and patch compliance reports. Evidence is retained and made available to Summit Technology Holdings, LLC (STH) to support enterprise governance, audit, and compliance activities.


All users (employees, contractors, part-time and temporary workers) and those employed by others to perform work for the organization, or who have been granted access to IT assets or facilities, are covered by this standard and must comply with its associated policies, procedures, standards and guidelines.

Failure to comply with this standard and associated guidelines may result in suspension of use privileges or other disciplinary actions up to and including termination and/or legal action.


Parent Policy:

  • Summit Technology Holdings – Endpoint Security Policy

Regulatory Requirements:

  • HIPAA Security Rule:
    • 45 CFR §164.308(a)(5)(ii)(B) – Protection from Malicious Software
  • AICPA SOC 2 Trust Services Criteria:
    • Security (CC6.1, CC6.2, CC7.1, CC7.2)

Framework Alignment:

  • END-01 – Endpoint Device Management (EDM)
  • END-02 – Endpoint Protection Measures
  • END-04 – Malicious Code Protection (Anti-Malware)
  • END-05 – Software Firewall
  • END-06 – Endpoint File Integrity Monitoring (FIM)

RevDescriptionDateApproved
-Policy createdOctober 2020M Machin
1.0Formatting UpdateSeptember 2022WSI
2.0Updated and approved for 2024July 2024WSI
3.0Converted to StandardApril 2026M Machin
3.1Corrected parent policy mapping references to current section format (Section N → Section 3.x)April 2026M Machin

Internal Use Only