Page Properties | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||
|
Frequently Asked Questions about the Cyber Essentials Control
Question
Answer
How do you deal with the use case where assets are supplied and managed by a third party (laptops), and they do the asset management?
Those third party devices, because you don't own them the controls would need to be applied by the third party because they have access to carry out the administration. This is a scenario we now realise is more common than we first thought and actually those third party devices would need to be included on a CE certificate by the organisation that owned those devices and they have the administration access to carry out and apply the controls.
What devices needed to have supported firmware and what does "supported" mean in this context?
All devices should be running supported firmware, however only routers and firewalls are required to provide the firmware version for the certification. Licensed and supported software is software that you have a legal right to use and that a vendor has committed to support by providing regular updates or patches. The vendor must provide the future date when they will stop providing updates. (Note that the vendor doesn’t need to have created the software originally, but they must be able to now modify the original software to create updates).
Can a policy be used for BYOD end point compliance rather than technical controls?
It's a vital part, we’re aware that's an issue, but I do state look what's available within your cloud services that are able to monitor for operating system compliance to help out there.
Insert excerpt | ||||||||
---|---|---|---|---|---|---|---|---|
|