What is Cyber Essentials?
Backed by the Government, Cyber Essentials is a scheme which aims to help businesses protect themselves from the most common cyber attacks. The scheme incorporates Cyber Essentials assessment tools, arming firms with the knowledge and understanding to implement policies and controls designed to identify vulnerabilities and put measures in place.
Whilst there is a vast array of cyber attacks and associated scams, many are similar and basic in nature. This means that the Cyber Essentials scheme is straightforward and can be used to assess existing controls and measures, thereby strengthening a company’s IT defences.
Tools for Assessing Cyber Essentials Compliance
IASME has an abundance of guidance to help you prepare for Cyber Essentials certification. Its readiness tool is available online via its website and walks you through the Cyber Essentials criteria and requirements.
The free self-assessment questionnaire can help you gain a better understanding of whether you are ready to apply for certification. You will also need to understand the scope of assessment and the 5 main technical controls:
1. Firewalls
2. Secure configuration
3. Security update management
4. User access control
5. Malware protection
There are a number of Government and IASME publications and guidance pages that are both extensive and useful. In addition to the self assessment questions and readiness tool, the Cyber Essentials Requirements for IT Infrastructure v3.1 sets out the 3 main actions a firm should take when preparing for certification.
- Establish the boundary of scope and then determine what is in scope within this boundary.
- Review each of the five technical control themes and their requirements.
- Take the necessary steps to ensure the requirements are met within the defined scope.
What’s New in Cyber Essentials V3.1
The latest version of the Cyber Essentials Certification scheme was released in April 23. The original self-assessment question set, referred to as ‘Evendine’, has now been replaced by the ‘Montpellier’ set. Many of the questions and criteria remain the same; however, version 3.1 includes some minor changes.
The Cyber Essentials v3.1 infrastructure requirements provide additional clarity in certain areas, such as where firmware is in scope. Further guidance on the importance of asset management has also been included. With so many people now working from home or remotely, the latest version also includes guidance on ‘Bring Your Own Device’ (BYOD) and third-party devices.
Cyber Essentials & Information Security Templates
If you are going through or considering a Cyber Essentials Certification, there is no need to write policies and procedures from scratch. Know Your Compliance Limited have been providing Data Protection and Information Security policies and templates for over 10 years. With more than 8500 organisations using our documents, you can be assured of getting professional, compliant templates.
Our market-leading Information Security Template Toolkit contains 15 policies, templates and tools. It can help firms with general information security compliance as well as providing valuable policies for Cyber Essentials and ISO27001 certification. The toolkit contains:
- Information Security Gap Analysis Checklist
- Information Security Policy
- Remote Access & BYOD Policy
- Asset Management Policy
- Business Continuity Plan Template
- Information Asset Register Template
- Non-Disclosure Agreement Template
- Firewall Policy
- Data Breach Policy & Procedures
- Secure Disposal Policy
- Breach Incident Form Template
- Access Control & Password Policy
- Clear Desk & Screen Policy
- Anti-Virus & Malware Policy
- Email Usage & Archive Policy