We need to protect our entire IT system starting at the endpoint, mobile device, or IoT sensor. We have to focus our controls as close to the asset as possible and enforce access controls at the level of the asset or resource. The inventory of all of the devices, resources, applications, and policy enforcement points along the pathway should include hashed values of the software, and the software and firmware components are not changed without authorization, be that by a user, or by another process (a non-person entity NPE)
Source: https://www.helpnetsecurity.com/2021/02/15/protecting-the-network/