What is Cyber Essentials?

Posted by Andrew Ogilvie in Security

Cyber Essentials is an IT security accreditation scheme that, since October 2014, has been mandatory for suppliers bidding for UK Government contracts which involve handling personal information and providing many ICT products and services.

Cyber Essentials sets out five security controls to protect against the most common cyber threats.

There are two levels of badges that you can apply for:

Cyber Essentials
This level requires the organisation to complete a self-assessment questionnaire, with responses independently reviewed by an external certifying body.

Cyber Essentials PLUS
This level covers the same requirements as Cyber Essentials, but an external certifying body will test that the five key controls are working by simulating hacking and phishing attacks.

The Cyber Essentials documents are free to download and any organisation can use them to put essential security controls in place.

Cyber Essentials is intended for all organisations, of all sizes, in all sectors. It is not limited to companies in the private sector, but is also applicable to universities, charities and public sector organisations.

Cyber Essentials requires your organisation to have five technical controls in place:

  • Boundary firewalls and gateways - configuration of devices to prevent unauthorised access to or from private networks
  • Secure configuration - ensure systems are set up securely
  • User access control - restricting access only to those who need it and at the appropriate level
  • Malware protection - anti-virus and anti-malware software is installed and up to date
  • Patch management - the latest supported version of applications is used and all necessary patches have been applied

The Cyber Essentials badges allow your company to advertise the fact that it adheres to a government-endorsed standard.

More information from:

https://www.cyberaware.gov.uk/cyberessentials/