Cyber essentials

Cyber Essentials scheme is one of the actions under the UK Government policy “Keeping the UK safe in cyber space“.

The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions.

• It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security.
• And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.

Documents

• Cyber Essentials Scheme: Summary
  • 
  • Cyber Essentials concentrates on five key controls :
    • Boundary firewalls and internet gateways
    • Secure configuration
    • Access control
    • Malware protection
    • Patch management
  • The two levels of certification, Cyber Essentials, and Cyber Essentials Plus are set out:
    • Cyber Essentials certification is awarded on the basis of a verified self-assessment.
    • CyberEssentials Plus offers a higher level of assurance through the external testing of the organisation’s cyber security approach.
• Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks
• Cyber Essentials Scheme: Assurance Framework
  • 

Other links

• Cyber security guidance for business
  • 10 steps to cyber security: advice sheets
  • 
• Cyber Essentials Implementation Guide

• List of Cyber Essentials certified companies through CREST
• Questionnaire
• Self assessment questions
• Cyber Security Challenge UK
  • The Cyber Security Challenge is a series of national competitions, learning programmes, and networking initiatives designed to identify, inspire and enable more EU citizens resident in the UK to become cyber security professionals.