Home Compliance & Certification Network Diagram Guide

Network Diagram Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact proves your company understands and documents how its network is structured and defended. Cyber Essentials requires this because without a clear map, it’s easy to overlook unprotected pathways, forgotten devices, or weak firewall coverage. A diagram is like your castle blueprint — showing walls, gates, and where the guards are posted.

2. What You Will Submit

You will need:

  • network diagram that includes:

    • Internet connection points.

    • Firewalls (hardware or DNS firewalls).

    • Routers, switches, Wi-Fi access points.

    • Segmented networks (e.g., office LAN, guest Wi-Fi, IoT VLAN).

    • End-user devices (workstations, laptops, mobiles, printers).

  • If using StrongKeep: the provided template diagram, adapted with your details.

3. How to Collect / Obtain / Generate This Evidence

Option A: Use the StrongKeep Template:

  1. Download the Network Diagram template.

  2. Add your:

    • ISP connection

    • Firewall(s)

    • Switches / Wi-Fi Access Points

    • Device groups (e.g., staff laptops, printers, IoT cameras)

  3. Save and export as PDF or PNG.

Option B: Create from Scratch (if not using StrongKeep):

  • Microsoft Visio / Lucidchart / Draw.io:

    1. Create a blank canvas.

    2. Add internet, firewall, router, and network segments.

    3. Place icons for devices (workstations, printers, servers).

    4. Label key security features (e.g., “DNS firewall enabled,” “IoT isolated VLAN”).

    5. Export to PDF/PNG.

Option C: Auto-Discovery Tools (advanced):

  • Use tools like Lansweeper, SolarWinds, or NetBrain to auto-generate diagrams.

  • Export the generated map, ensuring sensitive hostnames/IPs are redacted.

4. Evidence Format

  • Accepted file types: PDF, PNG, JPG.

  • Suggested naming format:
    YourCompanyName_NetworkDiagram_YYYY-MM-DD.pdf
    Example: AcmeCorp_NetworkDiagram_2025-07-01.pdf

5. What “Good” Looks Like

  • Shows all main components (firewalls, routers, devices, Wi-Fi).

  • Clearly labels security controls (firewall, segmentation).

  • Easy to read (not overloaded with every tiny switch or port).

  • Reflects the current environment (not an outdated design).

Why it matters: auditors want proof that you’re aware of your network’s shape and choke points — a living map of your cyber fortress.

6. Tips

  • Keep it high-level — no need for every patch cable.

  • Show segmentation (e.g., staff Wi-Fi vs guest Wi-Fi).

  • Update after major IT changes (new ISP, new firewall, new office).

  • Redact sensitive details like internal IP ranges if needed.