Symantec Endpoint Protection
by Broadcom
Covered: 8 controls | Partial: 2 controls | Gaps: 4 controls
Overview
Symantec Endpoint Protection by Broadcom is an endpoint security solution that covers 8 NIST 800-171 controls (7% total coverage). It addresses key requirements in the endpoint security domain for defense contractors pursuing CMMC compliance.
Implementation Notes
Deploy Symantec Endpoint Protection with FIPS-validated configurations. Integrate with your SIEM for centralized audit logging. Review partial controls quarterly to identify supplementary tooling needs.
Implementation Guidance for Symantec Endpoint Protection
To configure Symantec Endpoint Protection for NIST 800-171 compliance, focus on these control families:

**System and Information Integrity (SI)**: Enable real-time scanning, configure automatic definition updates, and implement intrusion detection through SONAR behavioral analysis. Set quarantine policies for malware detections and enable the email and web protection modules.

**Configuration Management (CM)**: Deploy application control policies to whitelist approved software and block unauthorized executables. Configure device control to restrict USB and removable media access. Use Endpoint Protection Manager to maintain centralized configuration baselines.

**Access Control (AC)**: Implement host-based firewall rules and configure network location awareness so that different security policies apply depending on the trust level of the network the endpoint is connected to.

**Assessment Evidence Generation**: Export security event logs, quarantine reports, and policy compliance dashboards through the Symantec Endpoint Protection Manager console. Configure SIEM integration using syslog forwarding to centralize security events. Generate automated compliance reports showing endpoint protection status and threat detection metrics.

**Integration Considerations**: Integrate with Microsoft Active Directory for user-based policies, and configure exclusions for backup software and approved security tools to prevent conflicts. When deploying alongside network security appliances, ensure proper certificate management so that the endpoint agent remains compatible with SSL inspection.

**Common Misconfigurations**: Failing to enable all protection technologies (firewall, intrusion prevention, behavioral analysis); inadequate logging configuration that misses critical security events; improper exclusion policies that create security gaps; and insufficient virus definition update frequency, which causes detection failures during C3PAO assessments.
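As an added example (not part of the original page and not Symantec's own tooling), the following Python script turns the common-misconfiguration list above into an automated check over an endpoint status export: it flags stale definitions, disabled protection technologies, and overly broad exclusions per host. The CSV column names, the hostnames, the sample rows and the seven-day definition-age threshold are constructed assumptions; the real Endpoint Protection Manager report has its own layout, so map its columns onto these before using the check for evidence generation.

```python
"""Audit an endpoint-status export for the misconfigurations listed above.

The CSV layout here is a constructed example, not the real export format of
Symantec Endpoint Protection Manager; adapt the column names to the report
your console actually produces.
"""
import csv
import io
from datetime import date, datetime

# Constructed sample export (not real SEP data). One row per endpoint.
SAMPLE_EXPORT = """\
hostname,definitions_date,av_enabled,firewall_enabled,ips_enabled,sonar_enabled,exclusions
ws-001,2024-05-10,yes,yes,yes,yes,C:\\Backup\\agent.exe
ws-002,2024-04-01,yes,yes,no,yes,
ws-003,2024-05-09,yes,no,yes,yes,C:\\
ws-004,2024-05-11,no,yes,yes,yes,C:\\Program Files\\BackupTool\\;*.exe
"""

# Protection technologies that the guidance says must all be enabled.
REQUIRED_TECHNOLOGIES = ("av_enabled", "firewall_enabled", "ips_enabled", "sonar_enabled")

# Maximum acceptable age of virus definitions in days (assumed policy value).
MAX_DEFINITION_AGE_DAYS = 7


def is_overly_broad_exclusion(path: str) -> bool:
    """Flag exclusions that exempt a whole volume or every file of a type."""
    p = path.strip()
    if not p:
        return False
    # A drive root such as C:\ or a bare wildcard such as *.exe disables
    # scanning far more widely than any backup tool or security agent needs.
    return p.rstrip("\\/").endswith(":") or p.startswith("*")


def audit_endpoint(row: dict, today: date) -> list[str]:
    """Return a list of human-readable findings for one endpoint row."""
    findings = []
    defs_date = datetime.strptime(row["definitions_date"], "%Y-%m-%d").date()
    defs_age = (today - defs_date).days
    if defs_age > MAX_DEFINITION_AGE_DAYS:
        findings.append(f"definitions {defs_age} days old")
    for tech in REQUIRED_TECHNOLOGIES:
        if row[tech].strip().lower() != "yes":
            findings.append(f"{tech.removesuffix('_enabled')} disabled")
    for excl in row["exclusions"].split(";"):
        if is_overly_broad_exclusion(excl):
            findings.append(f"broad exclusion {excl.strip()!r}")
    return findings


def audit_export(csv_text: str, today: date) -> dict[str, list[str]]:
    """Return {hostname: [findings]} for every endpoint with at least one finding."""
    reader = csv.DictReader(io.StringIO(csv_text))
    results = {}
    for row in reader:
        findings = audit_endpoint(row, today)
        if findings:
            results[row["hostname"]] = findings
    return results


def audit_sample() -> dict[str, list[str]]:
    """Run the audit over the constructed export with a fixed reference date."""
    return audit_export(SAMPLE_EXPORT, date(2024, 5, 12))


if __name__ == "__main__":
    for host, findings in audit_sample().items():
        print(host, "->", "; ".join(findings))
```

Running the script lists only non-compliant hosts, which is the shape an assessor expects from an exception report; a clean fleet produces no output. Tune the definition-age threshold to the update frequency your policy actually commits to, and extend `is_overly_broad_exclusion` with any path patterns your environment treats as off-limits.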
Gap Analysis & Compensating Controls
Symantec Endpoint Protection leaves significant gaps in **System and Communications Protection (SC)** controls, particularly SC.3.177 (session lock), SC.3.191 (collaborative computing), and transmission confidentiality requirements that need network-level controls beyond endpoint capabilities.

**Identification and Authentication (IA)** controls present major gaps, especially IA.3.83 (multifactor authentication) and IA.3.84 (identifier management), which require dedicated identity management solutions like Okta or Azure AD.

**Audit and Accountability (AU)** controls show partial coverage: endpoint events are logged, but centralized audit review, audit storage protection, and comprehensive system activity monitoring require SIEM platforms like Splunk or QRadar.

**Personnel Security (PS)** controls are completely outside endpoint protection scope, requiring HR policy frameworks and background investigation processes.

**Compensating Controls**: Deploy Microsoft Defender for Identity or CyberArk for privileged access management to address IA gaps. Implement Splunk Enterprise Security or IBM QRadar for comprehensive audit capabilities. Add network segmentation tools like Cisco ISE for SC control coverage.

**Documentation Strategy**: List these gaps in SSP Section 13 (security controls) with a clear rationale for each compensating control. Create POA&M items with realistic timelines: prioritize IA controls (90-120 days) due to their high CMMC weighting, followed by AU controls (180 days), then SC controls (240 days). PS controls typically have the longest implementation timelines, since they require policy development and training programs.
Compliance Cost Estimate
Symantec Endpoint Protection licensing ranges from $35-65 per user annually depending on feature set and volume discounts. Enterprise customers typically pay $45-50/user/year for full protection suites. Implementation costs average $15,000-25,000 for organizations with 100-500 endpoints, including professional services for policy configuration, integration setup, and compliance documentation. Ongoing monitoring requires 0.25-0.5 FTE dedicated to management, policy updates, and incident response, translating to $20,000-40,000 annual operational costs. Compared to competitors like CrowdStrike Falcon ($60-80/user/year) or Microsoft Defender for Endpoint ($3-5/user/month), Symantec offers competitive pricing but may require additional tools for comprehensive NIST 800-171 coverage, potentially increasing total cost of ownership to $65-85/user/year when including compensating controls for identity management and SIEM capabilities.
Compliance Cross-References
**DFARS 252.204-7012 Mapping**: Symantec Endpoint Protection addresses safeguarding requirements in paragraphs (b)(1) access controls, (b)(2) awareness training through security notifications, and (b)(7) system and information integrity through malware protection and system monitoring capabilities.

**CMMC Level 2 Coverage**: Satisfies portions of Access Control (AC.L2-3.1.1, AC.L2-3.1.2) through application control and device restrictions, and of System and Information Integrity (SI.L2-3.14.1 through SI.L2-3.14.7) via malware protection, scanning, and security alerts. Provides evidence for Configuration Management (CM.L2-3.4.6, CM.L2-3.4.8) through baseline management and software restriction policies.

**FedRAMP Alignment**: Maps to SI-3 (Malicious Code Protection), SI-4 (Information System Monitoring), and CM-7 (Least Functionality) controls in the FedRAMP Moderate baseline.

**Assessment Objectives**: Provides direct evidence for malware protection deployment, endpoint monitoring capabilities, and unauthorized software prevention. However, it requires supplementary tools for identity verification (IA assessment objectives), comprehensive audit capabilities (AU assessment objectives), and network-level protections (SC assessment objectives). C3PAOs will expect additional controls beyond endpoint protection to demonstrate full CMMC Level 2 compliance across all practice areas.
Frequently Asked Questions
How many NIST 800-171 controls does Symantec Endpoint Protection cover?
Symantec Endpoint Protection covers 8 of 110 NIST 800-171 controls (7%), with 2 partially covered and 4 gaps.
Can Symantec Endpoint Protection alone satisfy CMMC Level 2?
No single tool covers all 110 NIST 800-171 controls. Symantec Endpoint Protection covers 7% and should be part of a layered security stack addressing the remaining controls.
What controls does Symantec Endpoint Protection not cover?
Symantec Endpoint Protection does not cover controls mp-3-8-1, ia-3-5-1, pe-3-10-1, ac-3-1-12. These require supplementary solutions such as physical security controls, additional access management, or media protection tools.
Map Your Full Security Stack
See NIST 800-171 control coverage for 80+ security products.