The Cyber Essentials and Cyber Essentials Plus certifications are helpful tools for bettering your organisation’s cybersecurity strategy and protecting your IT infrastructure against cyber threats. With automated endpoint management, Automox makes it easy to patch, configure, control, and secure your endpoints in support of your organisation’s certification.

The Cyber Essentials protocol, as defined by the National Cyber Security Centre, defines five primary technical control themes:

1. Firewalls 

2. Secure configuration

3. User access control

4. Malware protection

5. Security update management

Implementing and maintaining these controls help organisations protect themselves from common cyber attacks, including phishing attacks, and ransomware and other malware attacks.

Automox supports the implementation of eight of the ten secure configuration and security update management controls.

How Automox Helps with Cyber Essentials Compliance

Firewalls:

• Automox can help with your security configurations and assist with the implementation and distribution of endpoint firewall solutions, but this control area isn’t a core tenant of Automox’s functionality. 

Secure Configuration: 

• Remove and disable unnecessary user accounts (such as guest accounts and administrative accounts that won’t be used) 

  • Yes, Automox supports this ability via Worklets

• Change any default or guessable account passwords (see password-based authentication) 

  • Yes, Automox supports this ability via Worklets

• Remove or disable unnecessary software (including applications, system utilities and network services) Cyber Essentials: Requirements for IT infrastructure v3.0 9 

  • Yes, Automox supports this ability via Worklets

• Disable any auto-run feature which allows file execution without user authorisation (such as when they are downloaded from the Internet) 

  • Yes, Automox supports this ability via Worklets

• Ensure authentication of users before allowing access to organisational data or services

  • No, Automox does not have native capability for this control area

• Ensure appropriate device locking controls (see “device locking”, below) for physically present users

  • Yes, Automox supports this ability via Worklets

User Access Control:

• Automox can help with your security configurations and assist with the implementation and distribution of user access providers, but this control area isn’t a core tenant of Automox’s functionality. 

Malware Protection:

• Automox can assist with the distribution of malware protection solutions, however, this control area is not a core tenant of Automox’s functionality.

Security Update Management: 

All software on in scope devices must be:

• Licensed and supported 

  • Automox provides endpoint software inventory but not licence management.

• Removed from devices when it becomes un-supported or removed from scope by using a defined “subset” that prevents all traffic to / from the internet 

  • Yes, Automox supports this ability via Worklets

•  Have automatic updates enabled where possible 

  • Yes, Automox supports this via default patch policies

• Updated, including applying any manual configuration changes required to make the update effective, within 14 days* of an update being released, where: 

  • The update fixes vulnerabilities described by the vendor as ‘critical’ or ‘high risk’

  • The update addresses vulnerabilities with a CVSS v3 score of 7 or above

  • There are no details of the level of vulnerabilities the update fixes provided by the vendor

    • Yes, Automox supports this via default patch policies and/or Worklets depending on the vulnerability in question