Top 7 Things you need to know before you start your Assessment – Part 1
Welcome to another bitesize article from CyberSecuritiesUK. Cyber Essentials isn’t a complex standard; however, like all certification schemes, it has its own challenges. Today, we’re going to talk about the top seven things to know before you start your Cyber Essentials Plus assessment.
7 Tips before taking the Cyber Essentials Assessment
Internal/External IT Support
You’ll likely need internal or external IT Support to help you implement the required controls and provide correct answers.
Know your technical landscape
Ensure you know your technical landscape. This includes home workers; the geographical locations of your business; the quantities of laptops, computers and servers and, importantly, their operating system versions; the quantities of mobile devices, including operating system and firmware updates; and which networks are in scope.
And critically, what network equipment is in scope, in particular routers and firewalls.
Discovery process for Home Workers
Ensure you have a robust discovery process for home workers. This should include their home firewalls unless you have an always-on VPN. It should also cover the main device they are using: if it is their own personal device, make sure it meets all Cyber Essentials controls.
Internet-facing services and applications
Make sure you are clear about any Internet-facing services or applications that you run. Cyber Essentials refers to these as Sensitive Applications, and these include services which are accessed via a login page, for example email, VPN, remote desktop and things like that.
Operating systems and firmware patching
This is typically where a lot of time is spent with applicants getting ready for their assessment. Make sure you can describe your process for keeping all devices in scope up to date. Don’t forget, this also includes mobiles and firewalls and routers.
Third party application updates
This covers programs you install onto your computer. Common applications typically auto-update, but the assessor will be looking for evidence that you have some form of paper or technical controls in place to ensure this is met.
Ensure all your computers are running the same versions, as differing versions immediately suggest to the assessor that your update policy is not robust.
Ensure that everything is still under support
This covers operating systems, firmware of firewalls, et cetera, and your mobiles. This is typically easier said than done and essentially means you need to be running Windows 10 version 1809 or later, or one of the last three versions of macOS.
For portable devices, mobiles, etc., you need to be on the latest version of Android or one of the two earlier versions. In the case of iOS, you need to be running the latest version that is available. If you are running any non-supported devices, your entire assessment will fail. So either remove them or upgrade.
These tips are essential to ensure your readiness in taking the Cyber Essentials assessment. These assessments are more challenging than you think. Getting trained by a certification body like CyberSecuritiesUK will give you greater assurance of passing the assessment.