
Cyber Essentials Plus Pre-Audit Checklist
Pre-audit checklist to ensure a smooth onsite audit
Ensure you have obtained your Cyber Essentials certification within 3 months of this Cyber Essentials Plus audit.
A consent form will be required prior to starting the test and this will be prepared once the visit dates have been agreed.
Confirm all software (including Adobe, Java, etc.) is fully up to date on all devices, including servers.
For devices running Windows – please enable File and Printer Sharing. The option is in Advanced sharing settings.
For devices running Windows 10 or 11, set the startup type of the Windows service “RemoteRegistry” to “Manual”. This option is opened by typing “services” in the search bar on the Windows 10 or 11 home screen.
Also for devices running Windows 10 or 11, the following registry value needs creating. This option is opened by typing “regedit” in the search bar on the Windows 10 or 11 home screen.
Hive and key path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
On System, right click then select New –> DWORD (32-bit) Value / REG_DWORD
Value name: LocalAccountTokenFilterPolicy
Value data: 1 (decimal)
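The three Windows steps above can be applied and then checked from an elevated PowerShell prompt. The script below is an added example and is not part of the checklist or of the certification body's own material; the function names are this example's own, and it assumes the built-in firewall rule group "File and Printer Sharing", the RemoteRegistry service and the registry path given above. It also includes a revert function, because LocalAccountTokenFilterPolicy = 1 relaxes the UAC remote restrictions for local accounts and should not remain set once the audit is over.

```powershell
# Added example (not from the checklist): prepare a Windows 10/11 device for the
# Cyber Essentials Plus authenticated scan, verify each setting, and revert afterwards.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

$RegPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$RegName = 'LocalAccountTokenFilterPolicy'

function Set-AuditPrerequisites {
    # 1. File and Printer Sharing: enable the built-in firewall rule group
    #    (same effect as ticking the option in Advanced sharing settings).
    Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

    # 2. RemoteRegistry service: startup type Manual, so the scanner can start it on demand.
    Set-Service -Name 'RemoteRegistry' -StartupType Manual

    # 3. LocalAccountTokenFilterPolicy = 1 (REG_DWORD) under the Policies\System key.
    if (-not (Test-Path $RegPath)) { New-Item -Path $RegPath -Force | Out-Null }
    New-ItemProperty -Path $RegPath -Name $RegName -PropertyType DWord -Value 1 -Force | Out-Null
}

function Test-AuditPrerequisites {
    # Returns one row per check; every row should read Ok = True before the visit.
    $rules   = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue
    $service = Get-Service -Name 'RemoteRegistry'
    $value   = (Get-ItemProperty -Path $RegPath -Name $RegName -ErrorAction SilentlyContinue).$RegName

    [PSCustomObject]@{ Check = 'File and Printer Sharing rules enabled'; Ok = (@($rules | Where-Object Enabled -eq 'True').Count -gt 0) }
    [PSCustomObject]@{ Check = 'RemoteRegistry startup type = Manual';   Ok = ($service.StartType -eq 'Manual') }
    [PSCustomObject]@{ Check = "$RegName = 1 (REG_DWORD)";               Ok = ($value -eq 1) }
}

function Remove-AuditPrerequisites {
    # Reverse the changes after the audit. RemoteRegistry is returned to Disabled,
    # the Windows 10/11 client default; adjust if your build policy sets it differently.
    Remove-ItemProperty -Path $RegPath -Name $RegName -ErrorAction SilentlyContinue
    Set-Service -Name 'RemoteRegistry' -StartupType Disabled
    Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'
}

# Apply the settings and print the verification table.
Set-AuditPrerequisites
Test-AuditPrerequisites | Format-Table -AutoSize
```

Run `Test-AuditPrerequisites` again on the morning of the visit, since Group Policy or endpoint management tooling can silently reset any of the three settings; run `Remove-AuditPrerequisites` once the auditor confirms the scans are complete.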
For devices running macOS, please enable File Sharing and Remote Login. These options are in System Preferences –> Sharing.
Ensure all devices including laptops have up to date AV engines and signature files – preferably using an enterprise management dashboard app.
Ensure all executable attachments are prevented from being delivered to the email client.
Ensure the AV software is set to scan web pages visited and to warn about accessing malicious websites for each browser in use, and that it has been activated and updated.
The auditor will ask you to provide the following:
Domain administrator level access. Either create a new admin account for the audit process, or ensure someone with admin level access is present during the audit.
A list of all devices (Firewalls, Servers, PCs, laptops, workstations, tablets and mobile phones) that are in scope with details of their current operating system. Please note that if Windows 10 or 11 is in use, a registry edit will be required for these devices to allow the scans to run.
Email addresses of users that can be used for the email/web tests on the sample devices selected.
The testing process includes the following tests:
Confirmation of the devices to be tested.
Scanning of devices to identify vulnerabilities using Nessus Professional scanning software – requires details of the admin credentials for each device.
Observing how devices process emails with test attachments – access to user device required.
Observing how devices handle downloads of file attachments from our test websites – access to user device required.
Checking the installation and configuration of anti-virus software.
Perform a Multi-Factor Authentication test on all Cloud Services listed in the Cyber Essentials self-assessment.
Confirm account separation between Admin and User accounts.