WHAT IS CYBER ESSENTIALS?
Cyber Essentials (CE) is a government-backed cyber security certification scheme that sets out a baseline of cyber security suitable for all organisations. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber attacks.
The certification can server as a valuable indicator that the organisation has taken the necessary measures to reduce the risk of a cyber attack.
The scheme focuses on the following five essential mitigation strategies:
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
A set of 5 key controls which will provide cost-effective, basic cyber security for organisations of all sizes:
Secure Configuration
Boundary firewalls and internet gateways
Access control and administrative privilege management
Patch management
Malware protection
“80% of cyber attacks could be prevented if businesses put simple security controls in place”. (GCHQ, 2015)
Why does my business need Cyber Essentials?
Apart from implementing good practice for Cyber Security and protecting your organisation, it is mandatory for anyone in the supply chain of central government to be Cyber Essentials certified. Enterprise businesses are now asking for organisations to be Cyber Essentials certified in order to qualify for tendering opportunities.
- Basic security controls that organisations can implement to mitigate against common threats.
- A shared vocabulary whereby a company can demonstrate to customers and other external bodies that they have taken essential precautions against cyber risks.
- Anyone in the Central Government supply chain will be required to be Cyber Essentials Scheme compliant.
Two levels of certification
CYBER ESSENTIALS
The Cyber Essentials certification process includes a self-assessment questionnaire (SAQ) This is coupled with vulnerability scans depending on how many devices are presenting themselves to the outside world.
CYBER ESSENTIALS PLUS
Cyber Essentials Plus certification includes all of the Cyber Essentials elements, together with an increased level of examination provided by onsite evaluations of endpoint security.
It Provides a higher level of internal and external assurance as it involves a more hands on approach by a certification body.
The Cyber Essentials process

Systems in scope for certification are decided between the organisation and the certifying body.

The organisation fills in a questionnaire to self-assess their implementations of the Cyber Essentials control themes

Certifying body scores the questionnaire and vulnerability scan and determines a pass/fail result.

Certifying body issues the certificate.