Secure Configuration

A5.1

Have you removed or disabled software and services that you do not use on your laptops, desktop computers, thin clients, servers, tablets, mobile phones and cloud services?

yesnodescribe

A5.2

Have you ensured that all your laptops, computers, servers, tablets, mobile devices and cloud services only contain necessary user accounts that are regularly used in the course of your business?

yesno

A5.3

Have you changed the default password for all user and administrator accounts on all your desktop computers, laptops, thin clients, servers, tablets and mobile phones?

yesno

A5.4

Do you run or host external services that provide access to data (that shouldn't be made public) to users across the internet?

yesno

A5.5

If yes to question A5.4, which authentication option do you use?

choice

A5.6

Describe the process in place for changing passwords on your external services when you believe they have been compromised.

text

A5.7

When not using multi-factor authentication, which option are you using to protect your external service from brute force attacks?

choice

A5.8

Have you disabled any feature which allows automatic file execution of downloaded or imported files without user authorisation?

yesno

A5.9

When a device requires a user to be present, do you set a locking mechanism on your devices to access the software and services installed?

yesno

A5.10

Which method do you use to unlock the devices?

text