The Firewalls section of the Cyber Essentials standard focuses on ensuring that your organisation has the correct controls in place to manage network devices such as routers and firewalls (switches and hubs are outside the scope of Cyber Essentials). It also covers software firewalls, so you need to ensure that they are enabled on your devices.

<aside> 💡 If you use an MSP to manage elements of this section, you will need to let them know that you are applying for Cyber Essentials and that you require some of the information in this section. Be aware that even if a third party manages elements of security, you are still ultimately responsible for ensuring compliance with the Cyber Essentials standard.

</aside>

Questions A4.1 and A4.1.1 require that your organisation has firewalls at the boundary of the network. This is quite self-explanatory for some organisations; however, for smaller ones it may be slightly unclear. If your organisation is too small or works mostly remotely, you will need to have the software firewall enabled on your devices; this applies to Mac and Linux devices as well.

In A4.1.1 you should state what other controls you have in place:

Below I’ve put a table of the general questions that are passed to organisations that use an MSP; if you don’t use one, please skip it.

Software Firewall

Questions A4.10 and A4.11 focus on your organisation and on ensuring that the software firewall is enabled across the estate.

Depending on the tooling you have available, you may be able to check this from a central view; some software, such as Endpoint Central, allows this.

If you do not have this kind of solution in place, it’s quite easy to check manually on your Windows, Linux or Mac devices using the command line.
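
A manual check of this kind can be scripted. The script below is an added example, not part of the original guidance: it runs the built-in firewall tool for the current OS and reports enabled, disabled or unknown. The function names are hypothetical; it assumes `ufw` or `firewalld` on Linux and, on Windows, a POSIX shell such as Git Bash with an English-language `netsh`.

```shell
# Added example: report whether the host software firewall is on.
# classify_firewall_output and check_firewall are hypothetical names.

# $1 = tool name, $2 = text the tool printed.
# Prints enabled, disabled or unknown (unknown = check by hand).
classify_firewall_output() {
    case "$1:$2" in
    # macOS: State 0 = off, 1 = on, 2 = block all incoming
    socketfilterfw:*"State = 0"*) echo disabled ;;
    socketfilterfw:*"State = 1"*|socketfilterfw:*"State = 2"*) echo enabled ;;
    ufw:*"Status: inactive"*) echo disabled ;;
    ufw:*"Status: active"*) echo enabled ;;
    firewalld:running) echo enabled ;;
    firewalld:*"not running"*) echo disabled ;;
    netsh:*)
        # Every profile (Domain, Private, Public) must report ON.
        states=$(printf '%s\n' "$2" | tr -d '\r' |
                 awk '$1 == "State" { print $2 }')
        case "$states" in
        "") echo unknown ;;
        *OFF*) echo disabled ;;
        *) echo enabled ;;
        esac ;;
    *) echo unknown ;;
    esac
}

# Run the tool for this OS and print "<tool>: <state>".
check_firewall() {
    tool=none; out=""
    case "$(uname -s)" in
    Darwin) tool=socketfilterfw
        out=$(/usr/libexec/ApplicationFirewall/socketfilterfw \
              --getglobalstate 2>&1) || true ;;
    Linux)
        if command -v ufw >/dev/null 2>&1; then
            tool=ufw; out=$(ufw status 2>&1) || true   # needs root
        elif command -v firewall-cmd >/dev/null 2>&1; then
            tool=firewalld; out=$(firewall-cmd --state 2>&1) || true
        fi ;;
    MINGW*|MSYS*|CYGWIN*) tool=netsh
        out=$(netsh advfirewall show allprofiles state 2>&1) || true ;;
    esac
    echo "$tool: $(classify_firewall_output "$tool" "$out")"
}

check_firewall
```

On Linux, `ufw status` needs root, so run the script with `sudo`; a result of unknown means the tool was missing or its output was not recognised, and the device should be checked by hand.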