Learn about the requirements for Cyber Essentials and Cyber Essentials Plus certification and understand the difference between the two levels of certification.
What is Cyber Essentials Certification?
Cyber Essentials is a UK government-backed scheme that helps businesses, public sector bodies and non-profit organisations protect themselves against cyber attacks. The scheme sets out a list of requirements that organisations must follow to ensure they have a basic level of cyber security measures in place. Cyber Essentials certification is designed to help organisations demonstrate their commitment to cyber security and reduce their risk of cyber breaches.
What is Cyber Essentials Plus Certification?
Cyber Essentials Plus is a higher level of certification that builds on the requirements of Cyber Essentials. It involves a more rigorous and in-depth assessment of an organisation’s cyber security measures, rather than only the self-assessment questionnaire required for Cyber Essentials.
Cyber Essentials Plus certification involves thorough testing of an organisation’s systems and processes, including vulnerability scanning, penetration testing and other tests, to confirm that the organisation’s security measures are effective.
Requirements for Cyber Essentials Certification
To obtain Cyber Essentials certification, organisations must meet the following requirements:
- Secure Configuration: Ensure that all systems are configured securely and unnecessary services are disabled or removed.
- Boundary Firewalls and Internet Gateways: Ensure that there is a firewall in place to protect the organisation’s network from unauthorised access.
- Access Controls: Control who has access to systems and data, and ensure that passwords are strong and regularly updated.
- Patch Management: Keep all software up to date and ensure that security patches are applied promptly.
- Malware Protection: Ensure that anti-malware software is installed and up to date.
Requirements for Cyber Essentials Plus Certification
To obtain Cyber Essentials Plus certification, organisations must meet all the requirements for Cyber Essentials certification, as well as the following additional requirements:
- Internal Network Testing: Perform internal vulnerability scans and penetration testing to ensure that the internal network is secure.
- External Network Testing: Perform external vulnerability scans and penetration testing to ensure that the organisation’s external network is secure.
- Web Application Testing: Perform web application vulnerability testing to ensure that any web applications are secure.
- Independent Assessment: Have an independent assessor verify that the organisation’s cyber security measures meet the requirements for Cyber Essentials Plus certification.
Cyber Essentials Plus is worthwhile for many organisations
In conclusion, Cyber Essentials and Cyber Essentials Plus are two levels of certification that organisations can obtain to demonstrate their commitment to cyber security. Cyber Essentials provides a basic level of cyber security measures, while Cyber Essentials Plus adds a more thorough assessment of an organisation’s cyber security measures.
Cyber Essentials Plus is clearly more onerous to achieve, but it is vital for organisations that handle particularly sensitive data or financial transactions, or that operate in areas more likely to attract cyber attacks.
By obtaining these certifications, organisations can reduce their risk of cyber breaches and demonstrate to their customers and partners that they take cyber security seriously.
Useful links
Your IASME Cyber Essentials Checklist
Cyber Essentials Certification: Make Sure Your Security Is Good Enough