Is there a Cyber Essentials checklist?

The following checklist applies to both Cyber Essentials and Cyber Essentials Plus requirements, the difference being that with the latter a technical expert conducts a vulnerability scan and remote audit of your IT systems, including a representative set of user devices, all Internet gateways and all servers with services accessible to unauthenticated Internet users.

The questions that will need to be answered include:

• Are all of your operating systems supported including phones, tablets, servers, workstations etc…?
• Have all the security patches been applied to the operating systems?
• Is your Office suite up to date? Is your anti-malware up to date?
• Are your browsers up to date with security patches?
• Have you disabled auto-run?
• Have you disabled remote scripts from being run?
• Are all of your applications up to date with security patches?
• Are all the applications used in the organisation supported?