Versions Compared

Version Old Version 2 New Version 3
Changes made by

Joe Checketts

Joe Checketts

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page Properties
hiddentrue
idNavigation_Page

Subject

SecurityUpdateMgmt

Type

FAQ

Frequently Asked Questions about the Cyber Essentials Control

Question

Answer

How do we enforce BYOD to ensure all OS updates are installed and on the latest OS?

There are MDM systems available that can automatically block non-compliant devices from accessing networks, and you can use this technical control along with a policy to ensure that any BYOD devices accessing the network are up to date.

If you have virtual infrastructure which is hosted on a server array, do you only need to give Make and Operating System? i.e HP make, O/S VMWare VCF

You would also need to include the end user devices that are interacting with those services.(So if you have virtual infrastructure which is hosted on a server array, you only need to give Make and Operating System? i.e HP make, O/S VMWare VCF)

What about software where the vendor gives no indication about support periods, and where no new release has happened in a year or two?

That would be considered as unsupported and up to the applicant to prove otherwise if they disagree.

What does "supported" mean in the context of open source software?

Licensed and supported software is software that you have a legal right to use and that a vendor has committed to support by providing regular updates or patches. The vendor must provide the future date when they will stop providing updates. (Note that the vendor doesn’t need to have created the software originally, but they must be able to now modify the original software to create updates).  Open Source software is acceptable as long as regular security updates are made available and there is a published end of life date

The below will appear on the Refined page at https://iasme.atlassian.net/wiki/spaces/CEKH/pages/2576842966/Security+Update+Management+FAQ#

Excerpt
nameM_FAQ_SecurityUpdateMgmt

QUESTION

ANSWER

Is M365 InTune MAM-WE enough for BYOD device management? We can ensure devices are up to date, not jailbroken and have a pin BUT we do not have control over the apps installed on the device. However, as MAM-WE sandboxes the business data and has controls to stop personal/business being copy/pasted/mixed, is that enough to comply with the control?

It is. It is an element of the control but you would need to definitely back that up with having approved apps to access your organisational data.  You can't just rely on it being in a container. You do need to know which apps are in that container and accessing your organisational data. Often if you're using Intune, you're trying to connect to 365 apps anyway, and by definition, MAM is a version of application management so there should be some form in there.