Endpoint Security Standard
Organization: FrontRunnerHC, Inc. (FRHC)
Parent Policy Reference: Summit Technology Holdings – Endpoint Security Policy
Framework Reference: Secure Controls Framework – Endpoint Security (END)
1. Purpose
Section titled “1. Purpose”This standard defines how FrontRunnerHC (FRHC) implements the enterprise-wide Endpoint Security requirements established by Summit Technology Holdings, LLC (STH). It documents the controls and practices used to protect servers, workstations, laptops, and other endpoint devices from threats and to safeguard data and systems from unauthorized access or compromise.
2. Applicability
Section titled “2. Applicability”This standard applies to all endpoints managed by FRHC, including physical and virtual servers, desktop workstations, laptops, and authorized personal devices connected to the FRHC network. It applies to on-premises systems at the Evocative datacenter, cloud-based virtual machines, and remote devices used by the FRHC workforce.
3. Standard
Section titled “3. Standard”3.1 Endpoint Security Program
Section titled “3.1 Endpoint Security Program”FRHC employs a comprehensive set of security controls to manage endpoint security across all device types. Employees are required to prevent unintended exposure, modification, or removal of private, copyrighted, or confidential information. Business information must be stored in a manner that enables authorized backup services to protect it. Administrative access is restricted in accordance with the principle of least privilege.
- Parent Policy Mapping: STH Endpoint Security Policy, Section 3.1
- SCF Mapping: END-01 (Endpoint Device Management (EDM))
3.2 Endpoint Protection Measures
Section titled “3.2 Endpoint Protection Measures”Endpoint devices must be secured with appropriate authentication controls before connecting to the FRHC network or accessing company data. Operating system and application software must be kept current with security-related patches as soon as practicable. Systems without required patches or infected by malware must be disconnected from the company network. All externally supplied computer-readable files must be decrypted and scanned prior to use. All software and files downloaded from external sources must be scanned with malicious software detection software prior to execution. Removable media auto-run must be disabled. Personal devices authorized to connect to the FRHC network must comply with this standard.
- Parent Policy Mapping: STH Endpoint Security Policy, Section 3.2
- SCF Mapping: END-02 (Endpoint Protection Measures)
3.3 Malicious Code Protection (Anti-Malware)
Section titled “3.3 Malicious Code Protection (Anti-Malware)”All endpoint devices capable of running security software are required to do so before connecting to the FRHC network. Anti-malware software must run the latest definition updates, be configured for automatic updates, and provide always-on protection. Behavior-based, centrally managed anti-malware software is deployed across the enterprise. Disabling or removing security software, or preventing updates, is prohibited. Anti-exploitation features are enabled on enterprise assets and software where possible. Anti-malware software is configured to automatically scan removable media upon connection.
- Parent Policy Mapping: STH Endpoint Security Policy, Section 3.3
- SCF Mapping: END-04 (Malicious Code Protection (Anti-Malware))
3.4 Software Firewall
Section titled “3.4 Software Firewall”Where technically feasible, all endpoint devices employ host-based software firewall software to protect the device from external threats. All firewalls and routers used on the company network are configured in accordance with FRHC’s router and firewall procedures to ensure network and data security.
- Parent Policy Mapping: STH Endpoint Security Policy, Section 3.4
- SCF Mapping: END-05 (Software Firewall)
3.5 Endpoint File Integrity Monitoring (FIM)
Section titled “3.5 Endpoint File Integrity Monitoring (FIM)”A File Integrity Monitoring (FIM) solution is deployed on all servers to monitor and validate the integrity of the operating system using verification comparisons between current file states and an approved baseline. Unauthorized changes detected by FIM generate alerts to system administrators for analysis and response.
- Parent Policy Mapping: STH Endpoint Security Policy, Section 3.5
- SCF Mapping: END-06 (Endpoint File Integrity Monitoring (FIM))
4. Compliance & Governance
Section titled “4. Compliance & Governance”FRHC maintains evidence supporting endpoint security controls, including anti-malware configurations and update logs, FIM alert records, firewall settings, and patch compliance reports. Evidence is retained and made available to Summit Technology Holdings, LLC (STH) to support enterprise governance, audit, and compliance activities.
5. Enforcement
Section titled “5. Enforcement”All users (employees, contractors, part-time and temporary workers) and those employed by others to perform work for the organization, or who have been granted access to IT assets or facilities, are covered by this standard and must comply with its associated policies, procedures, standards and guidelines.
Failure to comply with this standard and associated guidelines may result in suspension of use privileges or other disciplinary actions up to and including termination and/or legal action.
6. References
Section titled “6. References”Parent Policy:
- Summit Technology Holdings – Endpoint Security Policy
Regulatory Requirements:
- HIPAA Security Rule:
- 45 CFR §164.308(a)(5)(ii)(B) – Protection from Malicious Software
- AICPA SOC 2 Trust Services Criteria:
- Security (CC6.1, CC6.2, CC7.1, CC7.2)
Framework Alignment:
- END-01 – Endpoint Device Management (EDM)
- END-02 – Endpoint Protection Measures
- END-04 – Malicious Code Protection (Anti-Malware)
- END-05 – Software Firewall
- END-06 – Endpoint File Integrity Monitoring (FIM)
7. Revision Tracking
Section titled “7. Revision Tracking”| Rev | Description | Date | Approved |
|---|---|---|---|
| - | Policy created | October 2020 | M Machin |
| 1.0 | Formatting Update | September 2022 | WSI |
| 2.0 | Updated and approved for 2024 | July 2024 | WSI |
| 3.0 | Converted to Standard | April 2026 | M Machin |
| 3.1 | Corrected parent policy mapping references to current section format (Section N → Section 3.x) | April 2026 | M Machin |
