The Plain English Version

Cyber Essentials is a UK government-backed certification scheme that covers five basic security controls. It is designed to help organisations protect themselves against the most common cyber attacks.

Many government contracts require it, and it demonstrates a baseline level of security to customers and partners. It is a good starting point - not comprehensive security, but essential foundations.

The Five Technical Controls

1. Firewalls: Boundary protection for your network

2. Secure Configuration: Removing unnecessary software, changing defaults

3. User Access Control: Managing who can access what

4. Malware Protection: Antivirus and anti-malware measures

5. Security Update Management: Keeping software patched

Cyber Essentials vs Cyber Essentials Plus

  • Cyber Essentials: Self-assessment questionnaire verified by a certification body. Quicker and cheaper.
  • Cyber Essentials Plus: Includes hands-on technical verification - auditors test your systems. More rigorous assurance.

Cyber Essentials Plus is increasingly requested by enterprise customers and for higher-value government contracts.

Recent Changes

Cyber Essentials now requires multi-factor authentication (MFA) for cloud services and accounts accessible from the internet. It also includes requirements for home workers and personally owned (BYOD) devices. The scope has expanded to reflect how businesses actually work today.

Getting Certified

Choose an IASME-approved certification body. Complete the self-assessment questionnaire honestly. For Plus, prepare for technical testing of your systems. Certification is valid for 12 months and must be renewed annually.