Secure Config FAQ Drafts

Owned by Joe Checketts
Last updated: Jan 25, 2024
2 min read

 

 

 

 

 

 

 

 

 

 

 

 

Can a standard user be part of the Sudo’ers Group in *Nix systems?

There is no special provision within Cyber Essentials for mac/Linux machines to allow them to be essentially part of the sudoers group under the same account.

This is because the requirement for cyber essentials is quite clear in that admin accounts need to be protected from the avoidable risks of compromise through email, web browsing and other standard user activities. By implementing separate accounts and restricting functionality you minimise the opportunity for compromise of the higher value administration accounts/activities.

Maintaining the security of your software development environment is also important but not necessarily fully covered by the Cyber Essentials requirements.

 

BYOD

CF0004

Can a policy be used for BYOD end point compliance rather than technical controls?

This has been a difficult area, but there does need to be a technical element applied when managing BYOD devices. It can be a mixture of technical and written policy. This is actually in a blog statement by the NCSC, but we can't allow written policy only in this area. It is important that these devices are supported and able to receive regular security updates, based on evidence that is provided to us and the findings of subject matter experts. It forms a lot of the guidance by the NCSC and they should be monitored and checked to make sure that they are in support.
It's a vital part, we’re aware that's an issue, but I do state look what's available within your cloud services that are able to monitor for operating system compliance to help out there.

DigitalLoft240423

OPEN_SOURCE

CF0005

Many courses use open source software, how does this fit with the requirement of all software to be supported?

This will be discussed at the CE Technical Working group and formal position posted at a future date.  

UCISA_110523

SOFTWARE

CF0006

What is the position on windows home edition / Pro.  Are these considered acceptable CE OS

Windows Home and Professional editions are acceptable for CE. 

UCISA_110523

AUTORUN

CF0010

How do you disable auto-run or auto-play on a Mac? I can see anything that’s specifically for a memory stick or find anything online

Only the older Macs had this option, if you cant see this option and haven’t specifically installed any software that would allow external media to auto run / auto play, then you are compliant.

QUESTIONS_300823