Cyber Essentials: What It Covers and How We Help

Cyber Essentials is a UK government-backed certification scheme that helps organisations protect against the most common cyber threats. It is increasingly required for government contracts and demonstrates a baseline level of cyber hygiene to clients and partners.

The Five Controls

  1. Firewalls: Network boundary protection — controlling what traffic is permitted in and out
  2. Secure configuration: Removing unnecessary software, disabling unused features, changing default credentials, and applying security settings to all devices
  3. User access control: Limiting user accounts to the access they need, using strong authentication, and removing accounts when no longer needed
  4. Malware protection: Anti-malware on all devices, application allowlisting or sandboxing, preventing execution of malicious code
  5. Patch management: Keeping operating systems, firmware, and applications up to date with security patches — within 14 days of release for critical patches

Cyber Essentials vs. Cyber Essentials Plus

Cyber Essentials is a self-assessment, verified by a certification body. Cyber Essentials Plus involves independent technical verification of the controls by a qualified assessor. Plus is recommended for organisations handling sensitive data or requiring higher assurance.

How We Help

We can: design systems that meet Cyber Essentials requirements from the outset, provide evidence documentation for your certification application, and help you remediate findings from a Cyber Essentials assessment.
