Security Update Management

A6.1

Are all operating systems on your devices supported by a vendor that produces regular security updates?

yesno

A6.2

Is all the software on your devices supported by a supplier that produces regular fixes for any security problems?

yesno

A6.2.1

Please list your internet browser(s).

list

A6.2.2

Please list your malware protection software.

list

A6.2.3

Please list your email applications installed on end user devices and server.

list

A6.2.4

Please list all office applications that are used to create organisational data.

list

A6.3

Is all software licensed in accordance with the publisher's recommendations?

yesno

A6.4

Are all high-risk or critical security updates for operating systems and router and firewall firmware installed within 14 days of release?

yesno

A6.4.1

Are all updates applied for operating systems by enabling auto updates?

yesno

A6.4.2

Where auto updates are not being used, how do you ensure all high-risk or critical security updates of all operating systems and firmware on firewall and routers are applied within 14 days of release?

text

A6.5

Are all high-risk or critical security updates for applications (including any associated files and any plugins such as Java, Adobe Reader and .Net.) installed within 14 days of release?

yesno

A6.5.1

Are all updates applied on your applications by enabling auto updates?

yesno

A6.5.2

Where auto updates are not being used, how do you ensure all high-risk or critical security updates of all applications are applied within 14 days of release?

text

A6.6

Have you removed any software installed on your devices that is no longer supported and no longer receives regular updates for security problems?

yesno

A6.7

Where you have a business need to use unsupported software, have you moved the devices and software out of scope of the assessment?

yesnodescribe