Cyber Essentials Plus Secure Configuration Requirement

Let's take a look at the secure configuration technical control required to pass Cyber Essentials Plus

Written by: David Henderson on Jan 02, 2023

Cyber Essentials Plus helps businesses safeguard themselves from the most common types of cyber threat. From ransomware to other malware, it helps you protect your data from malicious actors seeking to exploit weaknesses in your cyber security.

Secure configuration is one of the five key technical controls of Cyber Essentials, and an incredibly important one. In this article, we look at why secure configuration matters and what is required to pass Cyber Essentials Plus.

What Is Secure Configuration?

Put simply, secure configuration is the practice of configuring computers, network devices, software applications and other systems so that vulnerabilities are minimised and the impact of a security breach is reduced.

For example, computers and network devices commonly ship with out-of-the-box configurations that contain publicly known weaknesses, such as default passwords, unnecessary user accounts that are enabled by default, and pre-installed software or services that are not needed.

Leaving such devices on their default settings is an easy way to hand potential attackers access to your organisation's sensitive data.

Cyber Essentials Plus Requirement for Secure Configuration

The Cyber Essentials requirements state that secure configuration must be properly implemented for the devices in your organisation. The scope of this requirement spans email, web and application servers, desktop computers, laptops, tablets, mobile phones, firewalls and routers.

Correctly configuring computers and network devices reduces their inherent vulnerabilities and ensures they provide only the services required to fulfil their role, which is why the Cyber Essentials certification places such importance on it.

The Cyber Essentials Plus secure configuration requirement also requires you to follow these practices, and unlike the basic (self-assessed) Cyber Essentials, the Plus level verifies them through an independent technical audit of your systems:

  • Remove or disable unnecessary user accounts (such as guest accounts and administrative accounts that won't be used)
  • Change any default or guessable account passwords to something non-obvious
  • Remove or disable unnecessary software (including applications, system utilities and network services)
  • Disable any auto-run feature which allows file execution without user authorisation (such as when they are downloaded from the Internet)
  • Authenticate users before allowing Internet-based access to commercially or personally sensitive data, or data which is critical to the running of the organisation
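A practitioner preparing for the audit will want to check these points on each in-scope host rather than take them on trust. The script below is an added example, not the Cyber Essentials scheme's or the article author's own tooling: it covers the first three bullets for a Linux host by parsing `/etc/passwd`, `/etc/shadow` and the output of `ss -H -tlnp`, flagging enabled default accounts, accounts with an empty password field, extra UID 0 accounts, and network services listening on all interfaces that are not on an allow-list. The `DEFAULT_ACCOUNTS` names and all sample inputs are constructed for illustration. The auto-run and Internet-access authentication bullets are platform-specific (for example Windows registry and application settings) and are not covered here.

```python
"""Host-side audit for part of the secure-configuration checklist.

Added example; not the Cyber Essentials scheme's own tooling. It covers
unnecessary accounts, empty passwords and unnecessary network services
on a Linux host. Sample inputs at the bottom are constructed.
"""
import re

# Accounts that often ship enabled by default and are rarely needed.
# Assumption: illustrative names, not a list published by the scheme.
DEFAULT_ACCOUNTS = {"guest", "admin", "pi", "test", "ubuntu"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
ALL_INTERFACES = {"0.0.0.0", "*", "::", "[::]"}


def parse_passwd(text):
    """Map user name -> {'uid', 'shell'} from /etc/passwd content."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7:
            users[fields[0]] = {"uid": int(fields[2]), "shell": fields[6]}
    return users


def parse_shadow(text):
    """Map user name -> password field from /etc/shadow content."""
    rows = (line.split(":") for line in text.splitlines())
    return {f[0]: f[1] for f in rows if len(f) >= 2}


def audit_accounts(passwd_text, shadow_text):
    """Return (user, finding) pairs for accounts that fail the control.

    An account counts as disabled if its password field is locked
    ('!' or '*') or its login shell is a nologin shell.
    """
    users = parse_passwd(passwd_text)
    hashes = parse_shadow(shadow_text)
    findings = []
    for name, info in users.items():
        pw = hashes.get(name, "x")
        disabled = pw.startswith(("!", "*")) or info["shell"] in NOLOGIN_SHELLS
        if pw == "":
            findings.append((name, "empty password field: login needs no password"))
        if name in DEFAULT_ACCOUNTS and not disabled:
            findings.append((name, "default account still enabled"))
        if info["uid"] == 0 and name != "root":
            findings.append((name, "extra UID 0 (administrative) account"))
    return findings


def audit_listeners(ss_text, allowed_ports):
    """Return (process, port) for TCP services listening on all interfaces
    whose port is not in allowed_ports. Loopback-only listeners are ignored
    because they are not reachable from the network."""
    unexpected = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)  # handles *:445 and [::]:443
        if addr not in ALL_INTERFACES:
            continue
        m = re.search(r'\(\("([^"]+)"', line)  # process name from users:(("sshd",...))
        proc = m.group(1) if m else "unknown"
        if int(port) not in allowed_ports:
            unexpected.append((proc, int(port)))
    return unexpected


# Constructed sample inputs (not taken from a real host).
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest:x:1001:1001:Guest:/home/guest:/bin/bash
deploy:x:1002:1002::/home/deploy:/bin/bash
toor:x:0:0::/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
"""
SAMPLE_SHADOW = """root:$6$saltroot$hashroot:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
guest:$6$saltguest$hashguest:19000:0:99999:7:::
deploy::19000:0:99999:7:::
toor:$6$salttoor$hashtoor:19000:0:99999:7:::
alice:$6$saltalice$hashalice:19000:0:99999:7:::
"""
SAMPLE_SS = """LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=900,fd=7))
LISTEN 0 50 *:445 *:* users:(("smbd",pid=1200,fd=5))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1000,fd=13))
LISTEN 0 511 [::]:443 [::]:* users:(("nginx",pid=1300,fd=6))
"""
# Ports this host is meant to expose; anything else listening is a finding.
ALLOWED_PORTS = {22, 443}

if __name__ == "__main__":
    for user, why in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"ACCOUNT  {user}: {why}")
    for proc, port in audit_listeners(SAMPLE_SS, ALLOWED_PORTS):
        print(f"SERVICE  {proc} on port {port} is not in the allowed list")
```

Run against the sample it reports `guest` (default account still enabled), `deploy` (empty password field), `toor` (second UID 0 account), and the Samba and SMTP listeners on 445 and 25. On a real host, feed it the contents of `/etc/passwd` and `/etc/shadow` (reading the latter needs root) and the output of `ss -H -tlnp`; the allow-list should be the ports the host's role genuinely requires, which is the "only the services required to fulfil their role" test the control is asking for.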
