Endpoint & Workload Security — Guide

Status: Preview skeleton. Community contributions welcome.

1) Quick posture check (by level)

• L0 → L1: 3–5 “table-stakes” checks
• L1 → L2: baseline policy/process existence checks
• L2 → L3: defined ownership, metrics, and reviews
• L3 → L4: automation and continuous monitoring
• L4 → L5: resilience, adversary exercises, learn-improve loop

2) Evidence to collect

• Artifacts list (policies, logs, reports, tickets)
• Sampling guidance (how many, how recent)

3) Controls to reach the next level

• Minimal viable set
• Implementation tips for MSMEs vs larger orgs

4) Tools and low-cost options

• OSS and entry-level SaaS with notes
• Configuration hardening references

5) Metrics that matter

• Small set of outcome metrics and KRIs
• Review cadence

Contribute improvements via the framework repo’s guides/ folder.