Page Properties |
---|
DOC-XXX-XXXXXX |
Public |
Cyber Essentials Manager |
YES |
Cyber Essentials |
Initial Version |
Reviewed Annually by CEO |
Refined Knowledge Hub |
Frequently Asked Questions about the Cyber Essentials Control
Question | Answer
---|---
For question A8.1, can you explain the option of allow listing, especially where BYOD is involved? | The allow listing option means that you must maintain a list of approved applications that are permitted to access organisational data or services. On company-owned devices, this can be accomplished using an MDM solution that only permits specific, approved applications, restricted by code signing, to be installed. For BYOD, bear in mind that Cyber Essentials is only concerned with applications that access organisational data, as it is not possible to control what users may install on their own devices. You must therefore ensure that only the applications on the allow list have access; for example, users can only access email using an approved app. The NCSC expects technical controls to be implemented to achieve this, although in organisations with fewer than 50 employees, policy or training can be sufficient to meet compliance.
Is using built-in anti-malware for Windows or macOS (Windows Defender or XProtect) considered compliant for Cyber Essentials? |