What is Cyber Essentials?

The Cyber Essentials scheme provides businesses small and large with clarity on good basic cyber security practice. By focusing on basic cyber hygiene, your company will be better protected from the most common cyber threats. Cyber Essentials certification is awarded on the basis of a verified self-assessment.
An organisation undertakes a review of their Cyber Security posture via an appropriate questionnaire, which is then approved by a company’s senior executive such as the CEO. This questionnaire is then verified by an independent Certification Body to assess whether a safe standard has been achieved, then certification can be awarded. This option offers a basic level of assurance and can be achieved at a very low cost.

Origin of Cyber Essentials

Cyber Essentials – Key Controls

Business Scope

To implement the five key controls, you will need to determine the scope of your business. Once you know the scope, you can apply this to each of the five key categories.

Access Control

User accounts, especially those with special admin rights have the highest level of access to sensitive information. Find out how you can protect against misuse of these special privileges

Boundary Firewalls

Firewalls are used to stop intruders and cyber attackers from gaining access to your sensitive data. Boundary firewalls protect your computers from internet based attacks

Malware Protection

Viruses, worms and spywares are a major threat to your business. These malware can leave your computers vulnerable to malicious software and cyber attacks

Patch Management

Vulnerabilities are inherent in all types of everyday software, and new threats are being discovered on a daily basis. Patch management and keeping your systems up to date is vital

Secure Configuration

Configuring your computers and network devices such as routers is crucial to the security of your systems. The default settings need proper configuration for optimal security

How Do You Get Certified?

The first step to getting certified is completing the Cyber Essentials Questionnaire. The questions are designed to demonstrate that your organisation is complying with the Cyber Essentials guidelines. After the completed questionnaire is signed off by a senior executive from your company, then the questionnaire must be verified by an external assessor. If your application is successful, your organisation can be awarded the Cyber Essentials Badge.
A list of Certifying Bodies can be found here.

Download the FREE original documents from the links below

– Cyber Essentials Summary
– Cyber Essentials Requirements
– Cyber Essentials Assurance Framework
– Cyber Essentials Common Questionnaire

This document has been prepared with the assistance of the IASME Consortium Ltd and CREST (GB) Ltd, and is derived from work carried out by those organisations under contract to HMG (BIS, CESG, Cabinet Office) during the development of the Cyber Essentials Scheme.

To Top