A4.1.1 · Danzel-3.3-A4_1_1

Do you have software firewalls enabled on all of your computers, laptops and servers?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Close open control exceptions and re-verify evidence to move this requirement to compliant.

A4.1.2 · Danzel-3.3-A4_1_2

If you answered no to question A4.1.1, is this because software firewalls are not installed by default as part of the operating system you are using?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Investigate incomplete evidence records and confirm control telemetry collection for this requirement.

A4.2.1 · Danzel-3.3-A4_2_1

Please describe the process for changing your firewall password.

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Close open control exceptions and re-verify evidence to move this requirement to compliant.

A4.3 · Danzel-3.3-A4_3

How is your firewall password configured?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Investigate incomplete evidence records and confirm control telemetry collection for this requirement.

A4.5 · Danzel-3.3-A4_5

Do you have a process to manage your firewall?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Close open control exceptions and re-verify evidence to move this requirement to compliant.

A4.6 · Danzel-3.3-A4_6

Have you reviewed your firewall rules in the last 12 months?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Investigate incomplete evidence records and confirm control telemetry collection for this requirement.

A4.8 · Danzel-3.3-A4_8

Please describe how you approve and document your allowed inbound connections.

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Close open control exceptions and re-verify evidence to move this requirement to compliant.

A4.9 · Danzel-3.3-A4_9

Are your boundary firewalls configured to allow access to their configuration settings over the internet?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Investigate incomplete evidence records and confirm control telemetry collection for this requirement.

A4.11 · Danzel-3.3-A4_11

If you answered yes in question A4.9, is the access to your firewall settings protected by either multi-factor authentication or by only allowing trusted IP addresses combined with managed authentication to access the settings?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Close open control exceptions and re-verify evidence to move this requirement to compliant.

A5.1 · Danzel-3.3-SC-2

Is unnecessary or unauthorized software identified and remediated in line with policy?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: HaloPSA, M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.

A5.3 · Danzel-3.3-A5_3

Have you changed the default password for all user and administrator accounts on all your desktop computers, laptops, thin clients, servers, tablets and mobile phones?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

A5.4 · Danzel-3.3-A5_4

Do you run or host external services that provide access to data (that should not be made public) to users across the internet?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365 to establish a defensible status.

A5.6 · Danzel-3.3-A5_6

Describe the process in place for changing passwords on your external services when you believe they have been compromised.

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

A5.7 · Danzel-3.3-A5_7

When not using multi-factor authentication, which option are you using to protect your external service from brute force attacks?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365 to establish a defensible status.

A5.9 · Danzel-3.3-A5_9

When a device requires a user to be present, do you set a locking mechanism on your devices to access the software and services installed?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

A5.10 · Danzel-3.3-A5_10

Which method do you use to unlock the devices?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: HaloPSA, M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.

A6.2 · Danzel-3.3-A6_2

Is all the software on your devices supported by a supplier that produces regular vulnerability fixes for any security problems?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: HaloPSA, M365, NinjaOne and close identified control gaps.

No direct evidence records were returned for this requirement.

A6.2.1 · Danzel-3.3-A6_2_1

Please list your internet browser(s).

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: HaloPSA, M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.

A6.2.3 · Danzel-3.3-A6_2_3

Please list your email applications installed on end user devices and servers.

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: HaloPSA, M365, NinjaOne and close identified control gaps.

No direct evidence records were returned for this requirement.

A6.2.4 · Danzel-3.3-A6_2_4

Please list all office applications that are used to create organisational data.

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: HaloPSA, M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.

A6.3.1/A6.6/A6.7 · Danzel-3.3-SUM-2

Is unsupported or end-of-life software identified and remediated with accountable ownership?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: NinjaOne and close identified control gaps.

A6.4/A6.5 · Danzel-3.3-SUM-1

Are security updates applied within policy timelines for operating systems and applications?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: HaloPSA, M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.

A6.4.2 · Danzel-3.3-A6_4_2

Where auto updates are not being used, how do you ensure all high-risk or critical security updates and vulnerability fixes of all operating systems and firmware on firewalls and routers are applied within 14 days of release?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: HaloPSA, M365, NinjaOne and close identified control gaps.

No direct evidence records were returned for this requirement.

A6.5.1 · Danzel-3.3-A6_5_1

Are all updates applied on your applications by enabling auto updates?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: HaloPSA, M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.

A7.1 · Danzel-3.3-A7_1

Are your users only provided with user accounts after a process has been followed to approve their creation? Describe the process.

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

No direct evidence records were returned for this requirement.

A7.2 · Danzel-3.3-A7_2

Are all your user and administrative accounts accessed by entering unique credentials?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365 to establish a defensible status.

No direct evidence records were returned for this requirement.

A7.4 · Danzel-3.3-A7_4

Do you ensure that staff only have the access privileges that they need to do their current job? How do you do this?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

No direct evidence records were returned for this requirement.

A7.5 · Danzel-3.3-A7_5

Do you have a formal process for giving someone access to systems at an administrator level and can you describe this process?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365 to establish a defensible status.

No direct evidence records were returned for this requirement.

A7.7 · Danzel-3.3-A7_7

How does your organisation prevent administrator accounts from being used to carry out everyday tasks like browsing the web or accessing email?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

No direct evidence records were returned for this requirement.

A7.8 · Danzel-3.3-A7_8

Do you formally track which users have administrator accounts in your organisation?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365 to establish a defensible status.

No direct evidence records were returned for this requirement.

A7.10 · Danzel-3.3-A7_10

Where you have systems that require passwords (or where passwords are a backup for a passwordless system), how are they protected from brute-force attacks?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

No direct evidence records were returned for this requirement.

A7.11 · Danzel-3.3-A7_11

Which technical controls are used to manage the quality of your passwords within your organisation?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365 to establish a defensible status.

No direct evidence records were returned for this requirement.

A7.13 · Danzel-3.3-A7_13

Do you have a process for when you believe the passwords or accounts have been compromised?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: M365 and close identified control gaps.

No direct evidence records were returned for this requirement.

A7.14 · Danzel-3.3-UAC-2

Is multi-factor authentication enforced for privileged users and cloud service access?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Investigate incomplete evidence records and confirm control telemetry collection for this requirement.

A7.16 · Danzel-3.3-A7_16

Has MFA been applied to all administrators of your cloud services, excluding any listed in A7.15 that do not provide it?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Close open control exceptions and re-verify evidence to move this requirement to compliant.

A7.17 · Danzel-3.3-A7_17

Has MFA been applied to all users of your cloud services, excluding any listed in A7.15 that do not provide it?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Investigate incomplete evidence records and confirm control telemetry collection for this requirement.

A8.2/A8.3 · Danzel-3.3-MP-2

Are malware detections investigated and resolved through a documented incident workflow?

Why this status: Demo profile shaping: mixed posture scenario produced status Partial.

Action hint: Complete remaining evidence collection from: HaloPSA, NinjaOne and close identified control gaps.

No direct evidence records were returned for this requirement.

A8.4 · Danzel-3.3-A8_4

If Option B has been selected: where you use an app-store or application signing, are users restricted from installing unsigned applications?

Why this status: Demo profile shaping: mixed posture scenario produced status Unknown.

Action hint: Integrate or repair evidence feeds from: M365, NinjaOne to establish a defensible status.

No direct evidence records were returned for this requirement.