Cyber Essentials Section 5 - Patch Management

The Cyber Essentials is a UK government-backed framework which is designed to assist organisations in protecting themselves against common threats.  The Cyber Essentials provides a basic cyber security foundation that can serve as a stepping stone to a more comprehensive zero-trust approach. The Cyber Essentials is built on 5 key components that, when implemented correctly, can reduce cyber risk.  The five key components are:

1. Firewalls and Boundary Devices
2. Secure Configurations
3. Access Control
4. Malware Protection
5. Patch Management

Tenable has released a series of reports, that focuses on each of the five basic technical controls, which organisations can use to help strengthen their defences against the most common cyber threats.

The focus of this report is Section 5 - Patch Management.  Organisations which comply with Section 5 ensure they are actively fixing vulnerabilities before attackers can exploit them, reducing risk, and demonstrating responsible security practices. In addition to reducing risk, compliance demonstrates that organisations take security seriously,  improving  trust with customers, partners, and regulators. 

This key component applies to all the following in scope devices: Boundary Firewalls, Desktop Computers, Laptops, Routers, Servers, Iaas, PaaS, and SaaS devices.  Some items to focus on within this key component are:

• Reducing exploitable weaknesses
• Keeping devices and software secure
• Limiting the window of risk (enforcing timely updates)

This report contains the following chapters:

• Unsupported Products - The Unsupported Products chapter focuses on products that have been identified as being unsupported. 

• Missing Microsoft Patches - The focus of this chapter is to present missing Microsoft Security Updates. 

• Outstanding Patches - The focus of this chapter is to present all known outstanding patches.