If you are certifying as partial organisation, please list the equipment used to create any sub-sets.
What this question is really asking
If you created sub-sets to limit scope, list the specific equipment used to enforce those boundaries. The equipment itself must also be within scope and compliant — you cannot use a non-compliant device to enforce a scope boundary.
What satisfies this requirement
A list is requiredList routers, physical firewalls, or virtual firewalls (on a hypervisor) used to create sub-sets. Note: software firewalls built into OS (e.g. Windows Firewall) cannot be used to define scope boundaries.
What to prepare before your assessor visit
The device enforcing your scope boundary is itself in scope and must be fully compliant. This is a logical trap some applicants fall into — they create a scope boundary to exclude a legacy device, but then use another legacy device to enforce that very boundary. The enforcement device must meet all CE requirements for firewalls and configuration.
How this question sits across CE versions
Question A2.5.1 is unique to Cyber Essentials Danzell — it does not appear in other versions of the standard. New in Danzell.
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.
Does your organisation meet this requirement?
Answer 30 plain-English questions and find out exactly where you stand across all 5 Cyber Essentials control areas — with a prioritised list of what to fix first.