Home Compliance & Certification Operating System Firewall Guide

Operating System Firewall Guide

Last updated on Sep 25, 2025

1. Purpose of this Guide

This artefact proves your company has host firewalls enabled on all endpoints. Cyber Essentials requires this because firewalls are your personal guard at the door — blocking shady traffic before it even enters. Whether using the built-in OS firewall or StrongKeep’s XDR host firewall, this evidence shows every device has a shield raised.

2. What You Will Submit

You will need:

  • screenshot showing a host firewall enabled and configured.

  • The screenshot should include:

    • Firewall status (ON/Enabled).

    • Rules or categories applied (if visible).

    • Confirmation it’s applied at the device level (OS or XDR agent).

3. How to Collect / Obtain / Generate This Evidence

Using StrongKeep XDR Host Firewall (coming soon):

  1. Log into the StrongKeep Dashboard → Evidence Library → Host Firewall.

  2. Click Generate Report.

  3. Screenshot the view showing firewall enforcement from the XDR agent.

Using Windows built-in Defender Firewall:

  1. Open Control Panel → System and Security → Windows Defender Firewall.

  2. Confirm firewall is ON for Domain, Private, and Public networks.

  3. Screenshot the panel.

Using macOS built-in Firewall:

  1. Go to System Settings → Network → Firewall.

  2. Toggle Firewall = ON.

  3. Screenshot this view.

Using Linux (UFW or Firewalld):

  1. Run sudo ufw status or sudo firewall-cmd --state.

  2. Take a screenshot of the terminal showing active firewall.

4. Evidence Format

  • Accepted file types: PNG, JPG, PDF.

  • Suggested naming format:
    YourCompanyName_HostFirewall_YYYY-MM-DD.png
    Example: AcmeCorp_HostFirewall_2025-07-01.png

5. What “Good” Looks Like

  • Firewall clearly shown as enabled.

  • Screenshot taken from system or XDR console (not a mockup).

  • If possible, rules or logs visible to show active blocking.

  • Evidence from multiple OS types if your organisation uses mixed environments.

Why it matters: auditors want to see host-level protection — even if your network firewall fails, endpoints are still guarded.

6. Tips

  • For StrongKeep XDR, include one screenshot per OS type deployed (Windows/macOS).

  • Redact sensitive rule names or IP addresses.

  • Pair this with your Firewall Configuration Screenshot (DNS/Network firewall) to show layered defence.