CyberEssentials

Soldato
Joined
18 Oct 2002
Posts
8,123
Location
The Land of Roundabouts
Has anyone filled this out yet?
This question is leaving me scratching my head a bit.

"Do you use firewalls or (something similar) to protect your systems and devices from outside threats?"

Then it goes on to ask about:

And for home firewalls? - not applicable to us
And for mobile device firewalls?

"Mobile device firewall": I'm assuming by mobile device they are actually referring to things like laptops, but I'm not 100% convinced they are? :confused: If they're not referring to laptops, then you could assume it would be mobiles/tablets etc., but I doubt anyone could actually answer yes to that?! (Or am I missing a trick?)
Unless of course they're just referring to them when connected to the corporate wifi sitting behind the firewall?

Tempting to just answer yes and move on, but that's not really in the spirit of the deal. :D
 
Caporegime
Joined
18 Oct 2002
Posts
26,102
They're talking about that crap you can buy for Android phones because the ecosystem is such a dumpster fire to start with that it's possible to have malware running on them.

I've found the actual NCSC guidance to be very good, especially when compared to some Home Office fluff: https://www.ncsc.gov.uk/index/guidance?f[0]=field_topics%3Aname:End user technology. And no, I have no idea why the Home Office are running Cyber Aware and GCHQ are doing the same sort of thing from a different angle.
 
Soldato
OP
Joined
18 Oct 2002
Posts
8,123
Location
The Land of Roundabouts
Had a feeling that may be the case; their terminology is sketchy to say the least. Some of the questions are easily open to interpretation, and with it being a simple self-assessment it seems very open for abuse.
The NCSC guidelines actually talk sense and seem to have been written with an inclination of what they're writing at least.
 
Soldato
OP
Joined
18 Oct 2002
Posts
8,123
Location
The Land of Roundabouts
They're talking about that crap you can buy for Android phones because the ecosystem is such a dumpster fire to start with that it's possible to have malware running on them.

I've found the actual NCSC guidance to be very good, especially when compared to some Home Office fluff: https://www.ncsc.gov.uk/index/guidance?f[0]=field_topics%3Aname:End user technology. And no, I have no idea why the Home Office are running Cyber Aware and GCHQ are doing the same sort of thing from a different angle.

We clicked no in the end and still got marked as compliant, though they're changing the questions in the coming months and I expect it's not going to be relevant in future as they seem to be concentrating on compartmentalizing company data itself rather than the device.

Good to see they're also moving on from the "must change password every x days" mentality. It's certainly something I wasn't expecting from gov guidelines anytime soon. Just hope the auditors also get on that bandwagon.
 
Associate
Joined
18 Oct 2002
Posts
2,149
Location
Cambridge
Ugh, we're currently in the midst of a CyberEssentials+ audit. It is a world of pain. Never ever has 'proper preparation prevents poor performance' been truer. Do everything you can to get your computer/mobile estate as patched/updated to the latest versions as possible, and have written justifications for any likely affected legacy applications (such as old versions of Java required by a legacy app) prepared, otherwise get set for a crash program of getting your house in order.
 