Subject

SecureConfiguration

Type

FAQ

Frequently Asked Questions about the Cyber Essentials Control

Question

Answer

How do you deal with the use case where assets are supplied and managed by a third party (laptops), and they do the asset management?

Because you don't own those third-party devices, the controls would need to be applied by the third party, as they have the access to carry out the administration. This is a scenario we now realise is more common than we first thought, and those third-party devices would need to be included on a CE certificate by the organisation that owns them and has the administration access to apply the controls.

What devices need to have supported firmware and what does "supported" mean in this context?

All devices should be running supported firmware; however, only routers and firewalls are required to provide the firmware version for the certification. Licensed and supported software is software that you have a legal right to use and that a vendor has committed to support by providing regular updates or patches. The vendor must provide the future date when they will stop providing updates. (Note that the vendor doesn't need to have created the software originally, but they must now be able to modify the original software to create updates.)

Can a policy be used for BYOD endpoint compliance rather than technical controls?

This has been a difficult area, but there does need to be a technical element applied when managing BYOD devices. It can be a mixture of technical controls and written policy. This is actually in a blog statement by the NCSC, but we can't allow written policy only in this area. It is important that these devices are supported and able to receive regular security updates, based on evidence that is provided to us and the findings of subject matter experts. It forms a lot of the guidance by the NCSC, and the devices should be monitored and checked to make sure that they are in support.
It's a vital part. We're aware that's an issue, but I do state: look at what's available within your cloud services that is able to monitor for operating system compliance to help out there.