When your devices (including computers used by homeworkers) are being used away from your workplace, how do you ensure they are protected?
What this question is really asking
Confirm that a software firewall is enabled on all laptops, desktops, and servers within scope. This is a host-based control that complements boundary firewalls. Windows Defender Firewall, macOS application firewall, and equivalent Linux tools are all acceptable. MDM or Group Policy enforcement is expected — relying on users to keep their host firewall enabled is not sufficient evidence.
What satisfies this requirement
A written response is required. Home workers not on corporate VPN must rely on the software firewall in the OS.
What to prepare before your assessor visit
'We have Windows Defender Firewall' is a reasonable start, but assessors want to know it is enforced rather than merely recommended. A screenshot of one PC is not sufficient — show the Group Policy object or MDM profile that enforces the software firewall across all managed devices. If users can disable the firewall themselves, it is not a reliable control and assessors will note the gap.
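One way to check a single Windows device against the point above, as an added example that is not part of the original guidance: the PowerShell below compares the firewall's effective state with the settings delivered by Group Policy. It assumes Windows with the built-in NetSecurity cmdlets and a hypothetical function name, and it only sees Group Policy; a firewall enforced through MDM is evidenced from the MDM profile instead.

```powershell
# Added example: report, per firewall profile, whether Windows Defender Firewall
# is on and whether Group Policy (rather than a local setting) is what turns it on.
function Get-FirewallEnforcementReport {   # hypothetical helper name
    # ActiveStore = the effective settings the firewall is applying right now.
    $active = Get-NetFirewallProfile -PolicyStore ActiveStore
    # RSOP = read-only sum of all GPOs applied to this computer.
    $gpo = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue

    foreach ($fw in $active) {
        $fromGpo = $gpo | Where-Object { $_.Name -eq $fw.Name }
        # A profile no GPO touches is reported as NotConfigured.
        $gpoSetting = if ($fromGpo) { [string]$fromGpo.Enabled } else { 'NotConfigured' }
        $isOn = ([string]$fw.Enabled -eq 'True')

        $status = if (-not $isOn) {
            'Disabled'                  # firewall is off for this profile
        } elseif ($gpoSetting -eq 'True') {
            'EnforcedByGroupPolicy'     # on, and a GPO is what sets it
        } else {
            'EnabledLocallyOnly'        # on, but only by a local setting
        }

        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            Profile    = $fw.Name
            Enabled    = $isOn
            GpoSetting = $gpoSetting
            Status     = $status
        }
    }
}

$report = Get-FirewallEnforcementReport
$report | Format-Table -AutoSize

# Flag every profile that is off or is not backed by Group Policy.
$report | Where-Object { $_.Status -ne 'EnforcedByGroupPolicy' } | ForEach-Object {
    Write-Warning "$($_.Computer) $($_.Profile): $($_.Status)"
}
```

A device that reports EnabledLocallyOnly is the "one PC screenshot" case: the firewall is on, but nothing in Group Policy is holding it on.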
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.