Cyber Essentials is a standard developed by the UK government in collaboration with industry partners and is managed by the National Cyber Security Centre. The standard sets a baseline of fundamental cybersecurity controls that organisations need to apply in order to be certified. Its purpose is to help organisations protect themselves from hacking, phishing and password guessing.
The standard is split into five technical control areas:
- Secure configuration
- User access control
- Malware protection
- Patch management
Before any work is carried out, you must first assess what is in scope for the certification. It is strongly suggested that your entire IT infrastructure is placed in scope. This ensures that essential security is applied across your entire environment without leaving gaps. The scope must be agreed upon between you and the certification body before the assessment is carried out.
The basic Cyber Essentials process can be completed as a self-assessment submitted to a certification body, followed by a vulnerability test of your external-facing presence. Cyber Essentials Plus requires the same standards to be met but is certified through an audit and internal testing carried out by a certification body. There are a variety of certification bodies, all of which should test to the same standard. However, there are some minor differences between them, so you should first ask yourself whether there is a specific need to achieve one certification over another.