Skip to content
  • There are no suggestions because the search field is empty.

Preparing for Assessment

The steps needed to prepare for your assessment.

STEP 1: INSTALLING THE AGENT

To complete your assessment, you must install our security agent on your devices.

To assist with this process, please select the relevant guidance from the cards below. All installation guides are available in the Cyber Tec Knowledgebase.

The installation process for Windows, macOS, and Linux is slightly different from a typical software installation. It uses the command line and requires specific steps to ensure the agent installs and communicates correctly with our platform.

Please keep the relevant installation guide open while following the instructions in this document.

In most cases where the agent does not communicate correctly with our test centre, the issue is due to an incomplete or incorrect installation.

We recommend scanning 100% of your devices and servers.

Installation Commands

You must run the appropriate command for Windows, macOS, or Linux, inserting the Customer ID and Activation ID provided in your CE Onboarding email.

Microsoft Windows

QualysCloudAgent.exe CustomerId={xxxx-xxxx-xxxx-xxxx-xxxxxxxx} ActivationId={your-activation-key-here} WebServiceUri=https://qagpublic.qg2.apps.qualys.eu/CloudAgent/

Apple MAC OS

Command 1:

Apple OS X Command 1: sudo installer -pkg ./QualysCloudAgent.pkg -target /

Command 2:

Apple OS X Command 2: sudo /Applications/QualysCloudAgent.app/Contents/MacOS/qualys-cloud-agent.sh ActivationId=youractivation-key-here CustomerId=xxxx-xxxx-xxxx-xxxx-xxxxxxxx ServerUri=https://qagpublic.qg2.apps.qualys.eu/CloudAgent/

Important:
Ensure that the Qualys Agent has been granted Full Disk Access permissions in macOS Security & Privacy settings.

Linux

Linux installation commands vary depending on the distribution being used.

Please contact us and let us know which Linux distribution you are running, and we will provide the appropriate installation instructions.

MSI Installation

If you prefer to automate deployment, or install via RMM, scripting, or Group Policy (GPO), you can use the MSI installer.

  1. Download the appropriate x64 or x86 MSI installer.

  2. Run the following command, replacing the Customer ID and Activation ID with the values from your onboarding email.

msiexec.exe /i cloudagent_x64.msi CustomerId={xxxx-xxxx-xxxx-xxxx-xxxxxxxx} ActivationId={your activation key here} WebServiceUri=https://qagpublic.qg2.apps.qualys.eu/CloudAgent/ /qn

STEP 2: CONTACT THE ASSESSMENT TEAM

After installing the agent, there will be no visible activity on the device.

Please wait a few hours and then contact a member of the assessment team, who will confirm that your devices are successfully checking in to our platform.

No further changes are required on your devices. Once the agent is installed and we have confirmed communication, we can proceed with one of the following options:

  • Pre-Assessment Vulnerability Management – review the collected vulnerability data and ensure compliance before booking your final assessment. 

  • Final Assessment – proceed directly to the pass/fail assessment.

You should also provide all of your external IP addresses to the assessment team for pre-scanning and assessment scanning. If you are unsure of your external IP address, you can check it here.

STEP 3: THE FINAL ASSESSMENT

End-User Devices that provide an interactive (GUI) desktop

Whether you implement our vulnerability management process before your assessment or choose to proceed directly to the final assessment, your assessor will need to connect to the selected devices to perform interactive testing with you. Those devices will be selected by our assessors no earlier than 72 hours (3 working days) before your booked assessment slot.

This is typically carried out using FastSupport / GoToAssist.

For macOS and Linux devices, it is often easier to install TeamViewer in advance and test connectivity. This helps ensure that end users in the testing group can grant the assessor access without delays.

If you are scanning 100% of your assets, we will notify you 72 hours before the final assessment of the devices we intend to test interactively.

If you are not scanning 100% of your environment, we will first electronically confirm your asset list. From this list, we will select additional devices to add to the scan scope and include in interactive testing during the assessment.

What do our assessors see during the assessment?

Mobile Devices and Mobile Application/Device Management

For mobile devices, we normally use TeamViewer QuickSupport to allow assessors to access the device during testing.

Where Mobile Device Management (MDM) or Mobile Application Management (MAM) is implemented, in line with the requirements of Cyber Essentials, this may be used to support device testing and will be reviewed as part of the assessment.

Mobile Device or Application Management Requirements.

Assessors may still request direct access to mobile devices where necessary to complete the required checks.

What do our assessors see during the assessment?

The Interactive Testing

During interactive testing, our assessors will perform the following checks.

Email Testing

We test all applications and methods used to access email, including desktop clients, webmail, and mobile applications.

Testing includes:

  • Sending a range of test files into your environment, including recognised virus test files

  • Confirming that virus test files are blocked and not delivered

  • Confirming that other potentially risky file types cannot open or execute automatically without user confirmation

Browser Testing

All installed browsers will be tested.

This includes:

  • Attempting to download various file types and confirming they do not automatically open or execute

  • Attempting to download virus test files to ensure they are blocked appropriately

Certificate Review (where required)

We will review certificate trust configuration to confirm:

  • The device uses the standard root certificate store provided by the operating system

  • There is a defined process for approving and installing additional root certificates

Anti-Virus / EndPoint Protection Review

We will verify that endpoint protection is operating correctly, including:

  • Engine updates within the last 30 days

  • Signature updates within the last 24 hours

  • A configuration that is aligned with the manufacturer or vendor's recommended settings

Firewall Settings

  • Confirm that your firewall is enabled and on for all domains (Domain, Public, Private)

Account Separation Testing

We verify that standard user accounts and administrative accounts are properly separated.

Testing includes confirming that:

  • Administrative actions require a separate administrator account

  • Administrative tasks cannot be performed using the standard user account

  • Mechanisms such as UAC, macOS padlock elevation, or sudo are not considered account separation, as they elevate the existing user account rather than requiring a separate administrative identity.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication must be enabled for all sign-in-enabled entities across all cloud services.

During testing, we will verify that:

  • MFA is enforced for all users

  • MFA is enforced for administrative access

  • MFA policies apply across the entire tenant

For example, if your organisation uses a shared tenant across multiple regions, MFA must be enabled for all users within that tenant, not just those within the assessment scope.

If a cloud service supports MFA in any form, it must be enabled. This includes:

  • Native MFA provided by the service

  • MFA available in higher-tier licensing

  • MFA provided via external identity providers (e.g. Okta, Duo, SSO providers)

For Microsoft environments, tenant-wide MFA enforcement is supported and recommended, and should be implemented.

Fully Authenticated Vulnerability Scanning

We will review the vulnerability report to ensure that any issues for which a fix has been available for 14 days or more have been remediated.

If we complete a full scan of all assets and identify issues, you may be given some time to carry out further remediation. However, this will never exceed 30 days and must always remain within the overall 90-day period from your original Cyber Essentials Basic certification.

For example:

  • If you are tested 30 days after Cyber Essentials Basic, we may allow up to 30 days for remediation, meaning you must pass or fail within 60 days.

  • If you are tested 89 days after Cyber Essentials Basic, you will have only 1 day to remediate any identified issues.

You must be compliant on the day of certification. This includes any new issues that fall within scope during any permitted remediation period.

If you are not scanning your entire estate, we will ask you to confirm remediation of the issues identified in the initial scan. We will then require a further scan set, similar to the first. If this second scan identifies any of the same issues as the first scan, you will fail Cyber Essentials Plus, and your Cyber Essentials Basic certification will be revoked.

This new requirement has been introduced from April 2026 for the Danzell standard.

Evidence of compliance with the 14-day patching and remediation requirement is now a key aspect of the scheme. This has always been important, but the testing controls are now tighter.

External Enumeration and Unauthenticated Vulnerability Assessment

We will enumerate all of your external IP addresses, including cloud services and any other services where you control the IP addresses, firewalls, or related infrastructure.

You must not have any Critical- or High-severity vulnerabilities on your external IPs, and any enabled services must have brute-force protection in place.