An attack to an Industrial Internet of Things (IIoT) system typically starts with an attack on one or more endpoints. As defined by the Industrial Internet Consortium (IIC), an endpoint is a component that has an interface for network communication and it can be of various types, including a device endpoint or an endpoint that provides cloud connectivity. Endpoints are the only place in an IIoT system where execution code is stored, started and updated and data is stored, modified or applied. In many cases, an attacker will, therefore, try to access the execution code and attack the weakest point in the devices’ security implementation, then modify or replace the execution code with malicious intent. The IIC has recently presented an endpoint protection/security model and policy in its Industry Internet Security Framework (IISF) document. The technical report is an in-depth cross-industry-focused security framework reflecting thousands of hours of knowledge and experiences from security experts, collected, researched and evaluated for the benefit of all IIoT system deployments.