Welcome to part 7 of the Cyber Essentials blog series: Top 7 things you need to know before you start your assessment
In our final segment we are going to talk about Supported Devices and Applications
Supported means different things to different people, but from a Cyber Essentials perspective it means that the vendor/developer or manufacturer, is still releasing High and Critical updates for the product.
This seems easy to achieve but unfortunately this is more challenging than it initially appears.
Most mainstream software for example Chrome/Firefox and Edge browsers continues to receive updates, however a large number of other programs no longer receive updates, for example Apple’s QuickTime. It is your responsibility to check any applications on your assessment are still supported. The assessor will check as part of your assessment when they are grading your submission.
Also be aware that programs like Sage Accounts when installed onto your computer also bundle in other products in order for their program to run. Sage typically install “Visual Basic runtime” and if these are the 2010 edition or older they may be out of support. Also Java tends to be installed with applications that have common program code across multiple operating systems.
You will need to check your Programs and Features in Windows and Applications folder on the Macs.
In the case of operating systems it’s more straight forward, at least for MacOS (the latest and the two prior version are supported) and Microsoft (Server 2012+, Windows 8.1 and later), for Linux it’s more challenging and you will need to check your installed version is still supported by your software vendor.
Moving onto Hardware
Let’s talk about Mobile devices, for Apple your device must support the latest IOS, so this is pretty straightforward and easy to identify.
However, if only life was so easy with Android. Google release updates on a monthly basis, however in most instances (other than Google/Android One Programme – and flagship phones from a small number of manufacturers) if you phone is over 2 years old (from when it was released not when you bought it) it’s unlikely you will be receiving updates on a monthly basis (which is what we always recommend) – however as long as your manufacturer is still releasing updates it will still be compliant for Cyber Essentials.
If your Android phone is over 3 years old, it’s likely at least from a security perspective no longer supported. This is even worse for Android tablets devices. To check go into your device Settings and check the date of the last security update – normally as long as your device has an update within the last six months, and the manufacturer still supports the device – it’s compliant.
If you are using a blackberry or Windows Mobile device these are no longer supported.
Let me end by saving a big thanks for sticking with us through this series – it’s been fun!
If you would like more specific support for your assessment feel, free to reach out to our team at CyberSecuritiesUK