Cyber Essentials
Cyber Essentials, commonly referred to as simply CE, is a cyber security compliance scheme that is backed by the UK Government. Launched in 2014, the scheme provides a clear framework of basic security controls to safeguard sensitive data and systems from cyber threats, and can be implemented by any business, regardless of industry or size. The is managed by the National Cyber Security Centre (NCSC) and delivered through its partner, IASME, which oversees the certification process and keeps a record of all businesses that have been certified.
The certification focuses on five key technical areas (also referred to as controls.) These are:
Firewalls: Establishing secure defences between trusted internal networks and unverified external networks.
Secure Configuration: Ensuring systems are configured securely to reduce vulnerabilities.
User Access Control: Restricting access to data and services to authorised users only.
Malware Protection: Implementing measures to detect and prevent malicious software.
Security Update Management: Applying updates and patches promptly to protect against known vulnerabilities.
There are two levels of Cyber Essentials certification:
The basic Cyber Essentials standard is an independently verified self-assessment where organisations complete an online questionnaire, which is then reviewed by a qualified assessor. The more advanced standard, Cyber Essentials Plus, requires an independent assessor to verify that the answers given in the questionnaire are actually implemented within the business through an on-site penetration test.
Though Cyber Essentials is considerably less technically complex or rigorous when compared to other security standards, the certification has gained traction over the last few years as a good foundational standard for small to medium sized businesses, and those looking to improve their cyber security posture. Holding a valid certification demonstrates that your business basic security practices in place, and even allows organisations to bid on Government and public sector contracts.
The certification focuses on five key technical areas (also referred to as controls.) These are:
Firewalls: Establishing secure defences between trusted internal networks and unverified external networks.
Secure Configuration: Ensuring systems are configured securely to reduce vulnerabilities.
User Access Control: Restricting access to data and services to authorised users only.
Malware Protection: Implementing measures to detect and prevent malicious software.
Security Update Management: Applying updates and patches promptly to protect against known vulnerabilities.
There are two levels of Cyber Essentials certification:
The basic Cyber Essentials standard is an independently verified self-assessment where organisations complete an online questionnaire, which is then reviewed by a qualified assessor. The more advanced standard, Cyber Essentials Plus, requires an independent assessor to verify that the answers given in the questionnaire are actually implemented within the business through an on-site penetration test.
Though Cyber Essentials is considerably less technically complex or rigorous when compared to other security standards, the certification has gained traction over the last few years as a good foundational standard for small to medium sized businesses, and those looking to improve their cyber security posture. Holding a valid certification demonstrates that your business basic security practices in place, and even allows organisations to bid on Government and public sector contracts.
Updated on: 19/02/2025
Thank you!