A5
CE Montpellier
Secure Configuration
Ensuring devices and services are configured securely. Covers removal of unnecessary software/accounts, default password changes, external service authentication, and device locking.
10 questions
A5.1
A5.2
A5.3
A5.4
A5.5
A5.6
A5.7
A5.8
A5.9
A5.10
Where you are able to do so, have you removed or disabled all the software and services that you do not use on your laptops, desktop computers, thin clients, servers, tablets, mobile phones and cloud services?
yesnodescribe
Have you ensured that all your laptops, computers, servers, tablets, mobile devices and cloud services only contain necessary user accounts that are regularly used in the course of your business?
yesno
Have you changed the default password for all user and administrator accounts on all your desktop computers, laptops, thin clients, servers, tablets and mobile phones that follow the Password-based authentication requirements of Cyber Essentials?
yesno
Do you run external services that provide access to data (that shouldn't be made public) to users across the internet?
yesno
If yes to question A5.4, which option of password-based authentication do you use?
choice
Describe the process in place for changing passwords on your external services when you believe they have been compromised.
text
When not using multi-factor authentication, which option are you using to protect your external service from brute force attacks?
choice
Is 'auto-run' or 'auto-play' disabled on all of your systems?
yesno
When a device requires a user to be present, do you set a locking mechanism on your devices to access the software and services installed?
yesno
Which method do you use to unlock the devices?
text
Does your organisation meet the Secure Configuration requirements?
Check your real-world posture across all 5 Cyber Essentials control areas in 3 minutes. Free, no account needed.