Your guide to completing the Cyber Essentials self-assessment questionnaire
Throughout the Cyber Essentials self-assessment questionnaire, your business will be asked to give details about its cyber security strategy.
Everything from your use of firewalls to how your business protects itself from malware attacks will be assessed.
We cover some of the categories included within the Cyber Essentials self-assessment questionnaire below.
Firewalls
Is your business protected by a firewall that will ensure that only safe and necessary network services can be accessed from the internet?
To pass this section of the questionnaire, your business will be asked to give details on the following areas:
- The firewalls that are placed in your network
- How your firewall administrative interface is protected
- Confirmation that unauthenticated inbound connections are blocked by default
- Firewall rules
The self-assessment will also ask you to provide any additional evidence to support the details that you provide.
Secure Configuration
As part of the ‘Secure Configuration’ section of the Cyber Essentials self-assessment questionnaire, your business must give details of how its computers and network devices are properly configured to reduce the level of inherent vulnerabilities and provide only the services required to fulfil their role.
To pass this section of the questionnaire, your business will be asked to give details on the following areas:
- Password policy
- User accounts
- Software (that may or may not be in use)
User Access Control
As part of the Cyber Essentials application process, your business should ensure that user accounts are assigned to authorised individuals only and that the users only have access to the applications, computers and networks that are required to perform their role.
During this section you will be expected to provide details on identified locations where sensitive and business-critical information is stored digitally.
Password-Based Authentication
Password protection is one aspect of cyber security that many businesses fail on.
Cyber Essentials applicants must demonstrate how their business uses the technical controls available to it on password-protected systems.
Your business will be asked to describe:
- The technical controls used to enforce the password policy
- The paper-based controls used to enforce the password policy
- How your business has implemented a password policy that meets the password-based authentication requirements
Malware Protection
Malware attacks such as WannaCry have educated many businesses about this kind of cyber security threat.
Your business should restrict execution of known malware and untrusted software, to prevent harmful code from causing damage or accessing sensitive data.
This section of the self-assessment questionnaire also includes questions on ‘Application sandboxing’ and ‘Application whitelisting’.
Patch Management
If your business works with third-party suppliers, then this can also make your business’s cyber security strategy vulnerable.
Applicants applying for Cyber Essentials must not be using any ‘pirated’ or other unauthorised software. To pass this section of the questionnaire it is important that all software that your business uses has a licence and is supported in some way by the supplier.
Get your copy of the Cyber Essentials Online questionnaire
If you would like to see the Cyber Essentials Online questionnaire, contact us to get your sample copy now.