Cyber Essentials is the UK’s National Cyber Secure Centre’s backed scheme to protect all organisations no matter their size against the most common internet-based attacks. Cyber Essentials is a verified self-assessment certification scheme. The certification is renewable annually.
The NCSC has set out the background to the scheme in its Cyber Essentials: Requirements for IT Infrastructure v3.1. The scheme looks at five key areas: Firewalls, secure configuration, Security Update management, User Access control and Malware Protection. These control will reduce the impact of commodity cyber attacks from the internet.
Cyber Essentials Plus must be carried out within 3 months of completing the Cyber Essentials certification. The audit can be carried out on-site or remotely.
The assessment includes vulnerability scans of the organisation’s scoped infrastructure, where a sample of devices that represents the organisation’s infrastructure is tested. This will include servers, desktop computers, laptops, thin clients, tablets, and mobile phones, with each type of Operating System being tested. Auditors will observe users carrying out everyday tasks on a set of sampled devices.
Each sampled device will have the following checks carried out:
Forti5 Technologies is able to aid organisations to become certified. Many organisations need advice and support to complete the assessment process. The level of support will vary depending on the level of IT expertise in the company. The cost of the Cyber Essentials certification is set by NCSC, however, the cost of Cyber Essentials Plus will depend on the size and complexity of the network. We will supply quotes for both the support and certification.