CYB-FORM-00-1 Gap Assessment Tool

Page 1

Please note: This sample shows only a section of the complete Gap Assessment tool.

VERSION:

DATED:

APPROVAL:

Gap Assessment Tool

CONTROLS

Control 1: Firewalls

[1] [Enterdate here] [Entername of approverhere]

COMPLIANT? ACTION NEEDED FOR COMPLIANCE ACTION OWNER POSSIBLE EVIDENCE

l A firewall is in place to protect the internal network from the internet. Yes

l The administrator password of the firewall(s) has been changed from the default.

l The firewall rules (defining traffic that is allowed or denied a route through the firewall) have been documented and approved.

Yes

l Vulnerable network services are blocked unless explicitly required. Yes

l Changes to firewall rules are controlled and documented.

l Firewall rules are reviewed on a regular basis to ensure they remain appropriate. Yes

l Only devices that need access to the internet are allowed to connect to it.

l The admin interface of the firewall is only accessible from within the internal network. Yes

Total: 8

Network Diagram

Network Security Policy

Password Policy

Firewall Configuration Standard

Firewall Configuration Standard

Firewall Rule Change Log

Firewall Rule Change Process

Firewall Review Form

Configuration Standard

Information Security Policy

Yes
Yes
Yes

Control 2: Secure Configuration

l All user accounts have been verified as active and required on all computers in the internal network, and inactive ones have been removed.

l All default passwords have been changed. Yes

l There is a policy for passwords which is approved, communicated and followed. Yes

l Where sensitive data is accessed, multi-factor authentication is used (e.g. a one-time code sent to a phone).

l Auto-run is disabled for USB ports on computers. Yes Information Security Policy

l Only software that is required is installed on the organisation's computers.

l Installation of software on computers by users is restricted (either prevented or restricted to a vendor store, if appropriate).

l Client firewalls are active and appropriately configured on all computers.

l A secure standard configuration is used for all new computers. Yes Configuration Standard

l Remote access to the organisation's network is controlled via the use of Virtual Private Networks (VPNs).

l A list is maintained of all cloud services used. Yes

Total: 11

Cloud Services Register

Yes
Configuration Standard
Password Policy
Password Policy
Yes
Password Policy
Yes
Configuration Standard
Yes
Software Policy
Yes
Configuration Standard
Yes
Mobile Device Policy

Cyber Essentials Gap Assessment dashboard

To refresh chart data, click on “Refresh All” on the Data ribbon.

Gap assessment results

CONTROL NO OF REQS NO OF REQS MET PERCENTAGECONFORMITY Percentage Compliance to Cyber Essentials Radar Chart 1. Firewalls 8 8 100% 2. Secure Configuration 11 11 100% 3. Security Update Management 5 5 100% 4. UserAccess Control 9 9 100% 5. Malware Protection 5 5 100% Total 38 38 100% Percentage Compliance to Cyber Essentials Level of Compliance to Cyber Essentials 0% 20% 40% 60% 80% 100% 1. Firewalls 2. Secure Configuration 3. Security Update Management 4. User AccessControl 5. Malware Protection 100% 100% 100% 100% 100% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 1. Firewalls 2. Secure Configuration 3. Security Update Management 4. User Access Control 5. Malware Protection 5 9 5 11 8 5 9 5 11 8 0 2 4 6 8 10 12 5. Malware Protection 4. User Access Control 3. Security Update Management 2. Secure Configuration 1. Firewalls NOOF REQS MET NOOF REQS

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.