Definition for "Excluded Endpoint"

[adammontville]

Beyond wondering whether it is necessary to define "excluded endpoint", I find the following sentence problematic: Typically but not necessarily, endpoints that contain a SACM component (and are therefore part of the SACM domain) are designated as excluded endpoints. If we apply some concreteness to this, we might presume that a SACM component is an agent installed on an endpoint, which is a target, and another SACM component may be the data repository where collected information and evaluation results are stored. The endpoint upon which the agent resides is certainly a target endpoint. The device running the data repository is almost certainly an endpoint and thus likely subject to the same enterprise policies as any other endpoint, thereby, at one point or another, becoming a target endpoint. There's something I'm missing in that statement, or the statement is wrong.

[adammontville]

Actually, the last sentence also seems to say something contradictory to a previous one: Target endpoints that contain a SACM component cannot be designated as excluded endpoints and are part of the SACM domain. So, the previously highlighted sentence says that endpoints containing SACM components "are designated as excluded endpoints", but this one says they "cannot be designated as excluded endpoints". That's confusing.