Cyber Essentials Section 2 - Secure Configurations

The Cyber Essentials is a UK government-backed framework which is designed to assist organisations in protecting themselves against common threats.  The Cyber Essentials provides a basic cyber security foundation that can serve as a stepping stone to a more comprehensive zero-trust approach. The Cyber Essentials is built on 5 key components that, when implemented correctly, can reduce cyber risk.  The five key components are:

1. Firewalls and Boundary Devices
2. Secure Configurations
3. Access Control
4. Malware Protection
5. Patch Management

Tenable has released a series of reports that focuses on each of the five basic technical controls, which organisations can use to help strengthen their defences against the most common cyber threats.

Misconfigured systems are often easy targets for attackers.  The focus of this report is Section 2 - Secure Configurations which focuses on ensuring that computers and network devices are set up in the most secure method to reduce vulnerabilities and reduce organisations risk of exposure.    

Secure Configuration (also called security hygiene) is ensuring that devices and software are configured in the most secure way possible to reduce vulnerabilities and exposure to cyber threats.  Unused software or services can introduce exploitable vulnerabilities.  Default accounts and passwords are widely known and easy to exploit. The focus of this section applies to: servers, desktop computers, laptops, tablets, thin clients, mobile phones, IaaS, PaaS and SaaS.

A secure configuration is your first line of defense. Default configurations and installations are not always secure. Secure configuration begins with the identification and removal/disabling of unnecessary accounts, applications, and services, organisations can minimize vulnerabilities.

This report contains the following chapters:

• Software - The software section contains details related to installed software, software that End of Life, and Security End of Life (SEoL) software.

• User Accounts - The user accounts section contains details related to default credentials, account weakness, and other insecurities. 

• Compliance Scanning - The compliance scanning section contains details related to audit checks and compliance scanning.