Frequently Asked Questions about the Cyber Essentials Control
Question | Answer |
|---|---|
How do we enforce BYOD to ensure all OS updates are installed and on the latest OS? | There are MDM systems available that can automatically block non-compliant devices from accessing networks, and you can use this technical control along with a policy to ensure that any BYOD devices accessing the network are up to date. |
If you have virtual infrastructure which is hosted on a server array, do you only need to give Make and Operating System? i.e HP make, O/S VMWare VCF | You would also need to include the end user devices that are interacting with those services.(So if you have virtual infrastructure which is hosted on a server array, you only need to give Make and Operating System? i.e HP make, O/S VMWare VCF) |
What about software where the vendor gives no indication about support periods, and where no new release has happened in a year or two? | That would be considered as unsupported and up to the applicant to prove otherwise if they disagree. |
What does "supported" mean in the context of open source software? | Licensed and supported software is software that you have a legal right to use and that a vendor has committed to support by providing regular updates or patches. The vendor must provide the future date when they will stop providing updates. (Note that the vendor doesn’t need to have created the software originally, but they must be able to now modify the original software to create updates). Open Source software is acceptable as long as regular security updates are made available and there is a published end of life date. |