Evidence Explorer
Evidence Feed Summary
Evidence Records
44
Requirements with Evidence
28
Source Systems
4
Clients in View
1
Requirements
| Question Ref | Question | Status | Evidence | Sources | Assessment Rationale | |
|---|---|---|---|---|---|---|
A4.1
Danzel 3.3 · Firewalls |
Do you have firewalls at the boundaries between your organisation's internal networks, laptops, desktops, servers, and the internet?
Host Firewall Enforcement |
Compliant | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A4.1.1
Danzel 3.3 · Firewalls |
Do you have software firewalls enabled on all of your computers, laptops and servers?
Host Firewall Enforcement |
Partial | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A4.1.2
Danzel 3.3 · Firewalls |
If you answered no to question A4.1.1, is this because software firewalls are not installed by default as part of the operating system you are using?
Host Firewall Enforcement |
Unknown | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A4.2
Danzel 3.3 · Firewalls |
When you first receive an internet router or hardware firewall device, it may have had a default password on it. Have you changed all the default pass…
Host Firewall Enforcement |
Compliant | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A4.2.1
Danzel 3.3 · Firewalls |
Please describe the process for changing your firewall password.
Host Firewall Enforcement |
Partial | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A4.3
Danzel 3.3 · Firewalls |
How is your firewall password configured?
Host Firewall Enforcement |
Unknown | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A4.4
Danzel 3.3 · Firewalls |
Do you change your firewall password when you know or suspect it has been compromised?
Host Firewall Enforcement |
Compliant | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A4.5
Danzel 3.3 · Firewalls |
Do you have a process to manage your firewall?
Host Firewall Enforcement |
Partial | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A4.6
Danzel 3.3 · Firewalls |
Have you reviewed your firewall rules in the last 12 months?
Host Firewall Enforcement |
Unknown | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A4.7
Danzel 3.3 · Firewalls |
Are host firewalls enabled and configured to block unauthorized inbound network connections on supported endpoints?
Host Firewall Enforcement |
Compliant | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A4.8
Danzel 3.3 · Firewalls |
Please describe how you approve and document your allowed inbound connections.
Host Firewall Enforcement |
Partial | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A4.9
Danzel 3.3 · Firewalls |
Are your boundary firewalls configured to allow access to their configuration settings over the internet?
Host Firewall Enforcement |
Unknown | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A4.10
Danzel 3.3 · Firewalls |
If you answered yes in question A4.9, is there a documented business requirement for this access?
Host Firewall Enforcement |
Compliant | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A4.11
Danzel 3.3 · Firewalls |
If you answered yes in question A4.9, is the access to your firewall settings protected by either multi-factor authentication or by only allowing trus…
Host Firewall Enforcement |
Partial | 2 | M365-Intune-Demo, NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A5.1
Danzel 3.3 · Secure Configuration |
Is unnecessary or unauthorized software identified and remediated in line with policy?
Unnecessary Software Remediation |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A5.2
Danzel 3.3 · Secure Configuration |
Are systems and identities configured to an approved secure baseline with unnecessary features disabled?
Secure Configuration Baseline |
Compliant | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A5.3
Danzel 3.3 · Secure Configuration |
Have you changed the default password for all user and administrator accounts on all your desktop computers, laptops, thin clients, servers, tablets a…
Secure Configuration Baseline |
Partial | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A5.4
Danzel 3.3 · Secure Configuration |
Do you run or host external services that provide access to data (that should not be made public) to users across the internet?
Secure Configuration Baseline |
Unknown | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A5.5
Danzel 3.3 · Secure Configuration |
If yes to question A5.4, which authentication option do you use?
Secure Configuration Baseline |
Compliant | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A5.6
Danzel 3.3 · Secure Configuration |
Describe the process in place for changing passwords on your external services when you believe they have been compromised.
Secure Configuration Baseline |
Partial | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A5.7
Danzel 3.3 · Secure Configuration |
When not using multi-factor authentication, which option are you using to protect your external service from brute force attacks?
Secure Configuration Baseline |
Unknown | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A5.8
Danzel 3.3 · Secure Configuration |
Have you disabled any feature which allows automatic file execution of downloaded or imported files without user authorisation?
Secure Configuration Baseline |
Compliant | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A5.9
Danzel 3.3 · Secure Configuration |
When a device requires a user to be present, do you set a locking mechanism on your devices to access the software and services installed?
Secure Configuration Baseline |
Partial | 1 | NinjaOne-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A5.10
Danzel 3.3 · Secure Configuration |
Which method do you use to unlock the devices?
Unnecessary Software Remediation |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A6.1
Danzel 3.3 · Security Update Management |
Are all operating systems on your devices supported by a vendor that produces regular security updates and vulnerability fixes?
Security Update Currency |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A6.2
Danzel 3.3 · Security Update Management |
Is all the software on your devices supported by a supplier that produces regular vulnerability fixes for any security problems?
Security Update Currency |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A6.2.1
Danzel 3.3 · Security Update Management |
Please list your internet browser(s).
Security Update Currency |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A6.2.2
Danzel 3.3 · Security Update Management |
Please list your malware protection software.
Security Update Currency |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A6.2.3
Danzel 3.3 · Security Update Management |
Please list your email applications installed on end user devices and servers.
Security Update Currency |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A6.2.4
Danzel 3.3 · Security Update Management |
Please list all office applications that are used to create organisational data.
Security Update Currency |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A6.3
Danzel 3.3 · Security Update Management |
Are any of the in-scope software or cloud services unlicensed or unsupported?
Unsupported Software Remediation |
Compliant | 2 | HaloPSA-Demo, M365-Intune-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A6.3.1/A6.6/A6.7
Danzel 3.3 · Security Update Management |
Is unsupported or end-of-life software identified and remediated with accountable ownership?
Unsupported Software Remediation |
Partial | 2 | HaloPSA-Demo, M365-Intune-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A6.4/A6.5
Danzel 3.3 · Security Update Management |
Are security updates applied within policy timelines for operating systems and applications?
Security Update Currency |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A6.4.1
Danzel 3.3 · Security Update Management |
Are all updates applied for operating systems by enabling auto updates?
Security Update Currency |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A6.4.2
Danzel 3.3 · Security Update Management |
Where auto updates are not being used, how do you ensure all high-risk or critical security updates and vulnerability fixes of all operating systems a…
Security Update Currency |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A6.5.1
Danzel 3.3 · Security Update Management |
Are all updates applied on your applications by enabling auto updates?
Security Update Currency |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A6.5.2
Danzel 3.3 · Security Update Management |
Where auto updates are not being used, how do you ensure all high-risk or critical security updates of all applications are applied within 14 days of …
Security Update Currency |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A7.1
Danzel 3.3 · User Access Control |
Are your users only provided with user accounts after a process has been followed to approve their creation? Describe the process.
Privileged Account Separation |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A7.2
Danzel 3.3 · User Access Control |
Are all your user and administrative accounts accessed by entering unique credentials?
Privileged Account Separation |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A7.3
Danzel 3.3 · User Access Control |
How do you ensure you have deleted, or disabled, any accounts for staff who are no longer with your organisation?
Privileged Account Separation |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A7.4
Danzel 3.3 · User Access Control |
Do you ensure that staff only have the access privileges that they need to do their current job? How do you do this?
Privileged Account Separation |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A7.5
Danzel 3.3 · User Access Control |
Do you have a formal process for giving someone access to systems at an administrator level and can you describe this process?
Privileged Account Separation |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A7.6
Danzel 3.3 · User Access Control |
Are administrative accounts separate from standard user accounts and used only for administrative tasks?
Privileged Account Separation |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A7.7
Danzel 3.3 · User Access Control |
How does your organisation prevent administrator accounts from being used to carry out everyday tasks like browsing the web or accessing email?
Privileged Account Separation |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A7.8
Danzel 3.3 · User Access Control |
Do you formally track which users have administrator accounts in your organisation?
Privileged Account Separation |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A7.9
Danzel 3.3 · User Access Control |
Do you review who should have administrative access on a regular basis?
Privileged Account Separation |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A7.10
Danzel 3.3 · User Access Control |
Where you have systems that require passwords (or where passwords are a backup for a passwordless system), how are they protected from brute-force att…
Privileged Account Separation |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A7.11
Danzel 3.3 · User Access Control |
Which technical controls are used to manage the quality of your passwords within your organisation?
Privileged Account Separation |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A7.12
Danzel 3.3 · User Access Control |
Please explain how you encourage people to use unique and strong passwords.
Privileged Account Separation |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A7.13
Danzel 3.3 · User Access Control |
Do you have a process for when you believe the passwords or accounts have been compromised?
Privileged Account Separation |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A7.14
Danzel 3.3 · User Access Control |
Is multi-factor authentication enforced for privileged users and cloud service access?
MFA for Privileged and Cloud Access |
Unknown | 1 | M365-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A7.15
Danzel 3.3 · User Access Control |
If you have answered no to question A7.14, please provide a list of your cloud services that do not provide any option for MFA.
MFA for Privileged and Cloud Access |
Compliant | 1 | M365-Demo | Demo profile shaping: mixed posture scenario produced status Compliant. | |
A7.16
Danzel 3.3 · User Access Control |
Has MFA been applied to all administrators of your cloud services, excluding any listed in A7.15 that do not provide it?
MFA for Privileged and Cloud Access |
Partial | 1 | M365-Demo | Demo profile shaping: mixed posture scenario produced status Partial. | |
A7.17
Danzel 3.3 · User Access Control |
Has MFA been applied to all users of your cloud services, excluding any listed in A7.15 that do not provide it?
MFA for Privileged and Cloud Access |
Unknown | 1 | M365-Demo | Demo profile shaping: mixed posture scenario produced status Unknown. | |
A8.1
Danzel 3.3 · Malware Protection |
Is anti-malware protection enabled on supported devices with current signatures and active monitoring?
Endpoint Malware Protection |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||
A8.2/A8.3
Danzel 3.3 · Malware Protection |
Are malware detections investigated and resolved through a documented incident workflow?
Malware Incident Handling |
Partial | 0 | Demo profile shaping: mixed posture scenario produced status Partial. | ||
A8.4
Danzel 3.3 · Malware Protection |
If Option B has been selected: where you use an app-store or application signing, are users restricted from installing unsigned applications?
Endpoint Malware Protection |
Unknown | 0 | Demo profile shaping: mixed posture scenario produced status Unknown. | ||
A8.5
Danzel 3.3 · Malware Protection |
If Option B has been selected: where you use an app-store or application signing, do you ensure users only install applications approved by your organ…
Endpoint Malware Protection |
Compliant | 0 | Demo profile shaping: mixed posture scenario produced status Compliant. | ||