Do you have software firewalls enabled on all of your desktop computers, laptops and servers?
What this question is really asking
If remote firewall management is permitted, confirm it is protected by multi-factor authentication, IP allow-listing, or both. Assessors prefer to see both controls in place given the high risk of remote admin access to network infrastructure.
What satisfies this requirement
Yes or No
Software firewalls must be enabled even behind a physical boundary firewall. Check: Mac Security & Privacy, Windows Settings > Windows Firewall, Linux ufw status.
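The checks listed above can also be run from a command line and kept as evidence. The script below is an added example, not part of the original page: it runs the status command for the host's platform and reports whether the software firewall is on. It assumes ufw is the firewall front end on Linux (as the page names it), English-language `netsh` output on Windows, and root privileges for `ufw status`; the function names are illustrative.

```python
import platform
import re
import subprocess

# Status command per platform.system() value. ufw needs root; netsh labels are
# assumed to be English (localized Windows prints translated text).
COMMANDS = {
    "Linux": ["ufw", "status"],
    "Darwin": ["/usr/libexec/ApplicationFirewall/socketfilterfw", "--getglobalstate"],
    "Windows": ["netsh", "advfirewall", "show", "allprofiles", "state"],
}


def firewall_enabled(system, output):
    """Return True only when the status output shows the firewall switched on."""
    if system == "Linux":
        # "Status: inactive" or a "need to be root" error both count as a fail.
        return re.search(r"^Status:\s*active\s*$", output, re.M) is not None
    if system == "Darwin":
        m = re.search(r"State = (\d)", output)
        return m is not None and m.group(1) != "0"  # State = 0 means disabled
    if system == "Windows":
        states = re.findall(r"^State\s+(ON|OFF)\s*$", output, re.M)
        # Domain, Private and Public must all be ON; one OFF profile fails.
        return len(states) == 3 and all(s == "ON" for s in states)
    raise ValueError(f"no firewall check defined for {system!r}")


def check_this_host():
    """Run the platform's status command; return (system, enabled, raw output)."""
    system = platform.system()
    try:
        proc = subprocess.run(COMMANDS[system], capture_output=True, text=True)
    except FileNotFoundError:
        return system, False, f"{COMMANDS[system][0]} not found on this host"
    output = proc.stdout + proc.stderr
    return system, firewall_enabled(system, output), output


if __name__ == "__main__":
    system, enabled, raw = check_this_host()
    print(f"{system}: software firewall {'ENABLED' if enabled else 'NOT ENABLED'}")
    print(raw.strip())
```

A Windows host with the firewall on for the Domain and Private profiles but off for Public is reported as not enabled, which is the case most easily missed when checking the settings page by eye.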
What to prepare before your assessor visit
If remote firewall management is permitted, assessors prefer to see both MFA and IP restriction in place. MFA alone is better than nothing, but a firewall admin interface reachable from any internet IP — even with MFA — presents a broader attack surface than one additionally restricted to your MSP's known IP ranges. Show the configuration for both controls.
How this question sits across CE versions
Related policy templates
Getting certified means having documentation to back it up. These policy templates cover the controls this question tests.