Please note: This sample shows only a section of the complete Gap Assessment tool.

Gap Assessment Tool
Control 1: Firewalls
• A firewall is in place to protect the internal network from the internet.
• The administrator password of the firewall(s) has been changed from the default.
• The firewall rules (defining traffic that is allowed or denied a route through the firewall) have been documented and approved.
• Vulnerable network services are blocked unless explicitly required.
• Changes to firewall rules are controlled and documented.
• Firewall rules are reviewed on a regular basis to ensure they remain appropriate.
• Only devices that need access to the internet are allowed to connect to it.
• The admin interface of the firewall is only accessible from within the internal network.
VERSION: [1]
DATED: [Enter date here]
APPROVAL: [Enter name of approver here]
Network Diagram
Network Security Policy
Password Policy
Firewall Configuration Standard
Firewall Configuration Standard
Firewall Rule Change Log
Firewall Rule Change Process
Firewall Review Form
Configuration Standard
Information Security Policy
Total:
Control 2: Secure Configuration
• All user accounts have been verified as active and required on all computers in the internal network, and inactive ones have been removed.
• All default passwords have been changed. Yes
• There is a policy for passwords which is approved, communicated and followed.
• Where sensitive data is accessed, multi-factor authentication is used (e.g. a one-time code sent to a phone).
• Auto-run is disabled for USB ports on computers. Yes
• Only software that is required is installed on the organisation's computers.
• Installation of software on computers by users is restricted (either prevented or restricted to a vendor store, if appropriate).
• Client firewalls are active and appropriately configured on all computers.
• A secure standard configuration is used for all new computers. Yes
• Remote access to the organisation's network is controlled via the use of Virtual Private Networks (VPNs).
• A list is maintained of all cloud services used. Yes
Configuration Standard
Password Policy
Password Policy
Password Policy
Information Security Policy
Configuration Standard
Software Policy
Configuration Standard
Configuration Standard
Mobile Device Policy
Cloud Services Register

Cyber Essentials Gap Assessment dashboard
To refresh chart data, click on “Refresh All” on the Data ribbon.
Gap assessment results