In the new year, the NCSC and IASME will implement an updated set of requirements for Cyber Essentials.
This update will be the biggest overhaul of the scheme’s technical controls since it was launched in 2014 and comes in response to the cyber security challenges organisations now regularly face.
The way we work has changed dramatically over a short period of time. The additional risks brought about by rapid digital transformation and the adoption of cloud-based services has been compounded by the move to home-working.
The impending refresh reflects these changes and signals a more regular review of the scheme’s technical controls.
The NCSC and IASME recently completed a major technical review of the scheme, the results of which have informed the updated requirements that will soon help organisations maintain their basic cyber hygiene, providing reassurance for their customers and their supply chain.
These include revisions around cloud services, as well as home-working, multi-factor authentication, password management and security updates. The controls, which have been updated with direct input from the NCSC’s and IASME’s technical experts, also align Cyber Essentials closer to other initiatives and guidance, including Cyber Aware.
The new version of the Cyber Essentials technical requirements will be implemented for new assessment accounts from January 24, 2022. However, any assessment account that is already active before the 24th will continue to use the current technical standard. This means that any time and effort already invested will not be wasted.
Such assessments will have 6 months to complete from January 24, 2022. In recognition of the extra effort that may be involved for some organisations, there will be a period of grace of up to 12 months for some of the requirements. The new requirements document and new question set is now published on the IASME website. Additional advice and guidance will be published in due course. The Cyber Essentials Readiness Tool will also be updated accordingly to reflect the new controls from January 24.
What is Cyber Essentials?
A simple but effective government-backed scheme, Cyber Essentials helps organisations, whatever their size, guard against a whole range of the most common cyber threats. Not only does this reassure organisations and customers that their systems are secured against basic cyber-attacks, but Government contracts also often require this basic certification too.
Cyber Essentials will:
Reassure customers that you are working to secure your IT against cyber attack
Attract new business with the promise you have cyber security measures in place
Give a clear picture of your organisation's cyber security level
Enable you to bid for some Government contracts
More information about the scheme can be found at www.iasme.co.uk.
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to email@example.com. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).