The Cyber Essentials control for secure configuration is one of the five technical controls that form the basis of the Cyber Essentials certification scheme. This control is designed to help organisations protect their systems and networks against common cyber threats by ensuring that their systems are configured in a secure manner.
The control for secure configuration includes several key components, such as:
- Configuring systems to use secure protocols: Organisations should configure their systems to use secure protocols such as HTTPS, SSH, and SFTP, instead of insecure protocols such as FTP or Telnet, which are easily compromised.
- Securing operating systems: Organisations should ensure that their operating systems are configured securely. This includes ensuring that all unnecessary services and ports are disabled, and that the latest security patches and updates are installed.
- Securing applications: Organisations should ensure that all applications installed on their systems are configured securely. This includes disabling any unnecessary features or services and applying the latest security patches and updates.
- Restricting access to administrator and privileged accounts: Organisations should restrict access to administrator and privileged accounts to only those who need it, and use strong authentication methods, such as multi-factor authentication.
- Regularly reviewing and updating configurations: Organisations should regularly review and update their system and network configurations to ensure that they are secure, up to date and compliant with the latest security best practices.
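
An added example (not part of the original page, and not tooling from the Cyber Essentials scheme) of checking the protocol and port items in the list above: it parses listening-socket output and flags the cleartext protocols the list names, plus any exposed listener outside an allow-list. The allow-list and the sample `ss -H -tln` output are assumptions constructed for illustration.

```python
"""Audit listening TCP sockets against a secure-configuration baseline."""

# Cleartext protocols named in the list above, keyed by well-known port.
INSECURE_PORTS = {21: "FTP", 23: "Telnet"}

# Assumed baseline for this example: services this host is meant to expose.
# SFTP runs over SSH, so it shares port 22.
ALLOWED_PORTS = {22: "SSH/SFTP", 443: "HTTPS"}

# Constructed sample in the format of `ss -H -tln` (Linux, header suppressed).
SAMPLE_SS_OUTPUT = """\
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      32           0.0.0.0:21        0.0.0.0:*
LISTEN 0      128          0.0.0.0:8080      0.0.0.0:*
LISTEN 0      5          127.0.0.1:631       0.0.0.0:*
LISTEN 0      128             [::]:23           [::]:*
LISTEN 0      128             [::]:22           [::]:*
"""

# Loopback-only listeners are not reachable from the network.
LOOPBACK_PREFIXES = ("127.", "[::1]")


def audit_listeners(ss_output):
    """Return sorted (port, address, finding) tuples for sockets outside the baseline."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip blank, header or malformed lines
        # Split on the last colon so bracketed IPv6 addresses stay intact.
        address, _, port_text = fields[3].rpartition(":")
        if not port_text.isdigit():
            continue
        port = int(port_text)
        if port in INSECURE_PORTS:
            findings.add((port, address, f"insecure protocol: {INSECURE_PORTS[port]}"))
        elif port not in ALLOWED_PORTS and not address.startswith(LOOPBACK_PREFIXES):
            findings.add((port, address, "listener not in baseline"))
    return sorted(findings)


if __name__ == "__main__":
    for port, address, finding in audit_listeners(SAMPLE_SS_OUTPUT):
        print(f"{address}:{port}  {finding}")
```

On a real host, pass the output of `ss -H -tln` to `audit_listeners` and replace `ALLOWED_PORTS` with the services that system is actually meant to provide.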
By implementing these controls and practices, organisations can meet the Cyber Essentials control for secure configuration and reduce the risk of common cyber threats. Organisations should also have a clear incident management process in place to address any vulnerabilities that cannot be patched, to minimise the risk of a successful attack.
Secure configuration is also an ongoing process: systems need to be regularly monitored and updated to stay ahead of the latest security risks and threats.