Do you have software firewalls enabled on all of your computers, laptops and servers?
What this question is really asking
Confirm that a software firewall is enabled on all laptops, desktops, and servers within scope. This is a host-based control that complements boundary firewalls. Windows Defender Firewall, macOS application firewall, and equivalent Linux tools are all acceptable. MDM or Group Policy enforcement is expected — relying on users to keep their host firewall enabled is not sufficient evidence.
What satisfies this requirement
Yes or No. Must be enabled at all times. Required on untrusted networks. If the organisation doesn't control the network, a software firewall is mandatory.
What to prepare before your assessor visit
'We have Windows Defender Firewall' is a reasonable start, but assessors want to know it is enforced rather than merely recommended. A screenshot of one PC is not sufficient — show the Group Policy object or MDM profile that enforces the software firewall across all managed devices. If users can disable the firewall themselves, it is not a reliable control and assessors will note the gap.
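One way to check enforcement on a Windows device, as an added example that is not part of the original guidance: it compares the effective firewall state with what Group Policy sets, using the built-in Get-NetFirewallProfile cmdlet. It assumes Group Policy is the enforcement mechanism; MDM-delivered settings do not appear in the RSOP store, so MDM-managed devices need the MDM profile itself as evidence.

```powershell
# Added example: per-profile host firewall state and Group Policy enforcement.
# ActiveStore = effective settings from all sources; RSOP = sum of applied GPOs only.
$effective = Get-NetFirewallProfile -PolicyStore ActiveStore
$fromGpo   = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue

$report = foreach ($p in $effective) {
    $g = $fromGpo | Where-Object { $_.Name -eq $p.Name }
    # Enabled is True, False or NotConfigured; treat a missing GPO entry as NotConfigured.
    $gpoState = if ($g) { "$($g.Enabled)" } else { 'NotConfigured' }
    $isOn     = ("$($p.Enabled)" -eq 'True')

    $finding = if (-not $isOn) {
        'FAIL: firewall is off for this profile'
    } elseif ($gpoState -ne 'True') {
        'GAP: firewall is on, but no applied GPO enforces it'
    } else {
        'OK: on and enforced by Group Policy'
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Profile          = $p.Name          # Domain, Private, Public
        EffectiveEnabled = $isOn
        GpoSetting       = $gpoState
        Finding          = $finding
    }
}

$report | Format-Table -AutoSize

# Non-zero exit code if any profile is off or unenforced, so the check can be scheduled.
if ($report | Where-Object { $_.Finding -notlike 'OK*' }) { exit 1 }
```

A GAP result on the Public or Private profile matters most for laptops, because those are the profiles in use on networks the organisation does not control.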