Search

Cyber Essentials gets biggest update to technical controls since launch

In the new year, the NCSC and IASME will implement an updated set of requirements for Cyber Essentials.


This update will be the biggest overhaul of the scheme’s technical controls since it was launched in 2014 and comes in response to the cyber security challenges organisations now regularly face.


The way we work has changed dramatically over a short period of time. The additional risks brought about by rapid digital transformation and the adoption of cloud-based services has been compounded by the move to home-working.


The impending refresh reflects these changes and signals a more regular review of the scheme’s technical controls.


The NCSC and IASME recently completed a major technical review of the scheme, the results of which have informed the updated requirements that will soon help organisations maintain their basic cyber hygiene, providing reassurance for their customers and their supply chain.


These include revisions around cloud services, as well as home-working, multi-factor authentication, password management and security updates. The controls, which have been updated with direct input from the NCSC’s and IASME’s technical experts, also align Cyber Essentials closer to other initiatives and guidance, including Cyber Aware.



The new version of the Cyber Essentials technical requirements will be implemented for new assessment accounts from January 24, 2022. However, any assessment account that is already active before the 24th will continue to use the current technical standard. This means that any time and effort already invested will not be wasted.


Such assessments will have 6 months to complete from January 24, 2022. In recognition of the extra effort that may be involved for some organisations, there will be a period of grace of up to 12 months for some of the requirements. The new requirements document and new question set is now published on the IASME website. Additional advice and guidance will be published in due course. The Cyber Essentials Readiness Tool will also be updated accordingly to reflect the new controls from January 24.

What is Cyber Essentials?

A simple but effective government-backed scheme, Cyber Essentials helps organisations, whatever their size, guard against a whole range of the most common cyber threats. Not only does this reassure organisations and customers that their systems are secured against basic cyber-attacks, but Government contracts also often require this basic certification too.

Cyber Essentials will:

  • Reassure customers that you are working to secure your IT against cyber attack

  • Attract new business with the promise you have cyber security measures in place

  • Give a clear picture of your organisation's cyber security level

  • Enable you to bid for some Government contracts


More information about the scheme can be found at www.iasme.co.uk.


 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.