Page Comparison

Some developers need local admin access to compile, debug and check-in source code changes using their standard account. Would this be a auto-fail and if yes, how do organisations manage their local admin privilege needs for development team members?

There are lots of different ways you can manage it. You can use group policies as one way that you can achieve this. It wouldn't be an automatic failure of Cyber Essentials, but you would have problems should you wish to go ahead and undertake CE plus assessment. So one of the core controls is that you need to have account separation between standard users and administrators and if that can't be achieved, we've suggested to descope the developer network. That is a method that you can use to move it out of scope. Obviously it's best practice to get as many of the controls as you can to  apply to that descoped portion of the network. If you really can't achieve it, then the best option would be to create a developer network and descope it from the assessment.

As a school it is not possible for us to implement MFA for all users on all cloud services (i.e. Office 365). This would create a serious barrier to learning for our students. All staff have MFA implemented. Can you suggest a way that we can still be compliant with the new requirements of CE?

For CE you can implement MFA by only allowing access via a trusted device/network which a lot of schools have moved to. The top 4 methods of MFA listed here are acceptable - https://www.ncsc.gov.uk/guidance/multi-factor-authentication-online-services.

Does MFA need to be triggered at every sign in on cloud services or can it be periodically?

It does not have to be triggered at every sign on, and can be periodically - depending on how the MFA is setup.