Cyber Essentials Scheme
The UK Government’s Cyber Essentials Scheme is a set of controls and implementation guidance for basic cyber defence against which organisations can achieve different levels of certification. Certification can be used by organisations to demonstrate to their customers and business partners that industry-minimum cyber security measures are in place, and provide evidence to validate the organisation’s security posture. It addresses:
- 80% of typical common cyber risks.
- Vulnerabilities, weaknesses and exploits that are the root of most risks.
- Cyber incidents that are experienced by the majority of businesses.
The Cyber Essentials Scheme covers five key areas
All of the five requirements are recommended as part of the “SANS Top 20” controls, and the ISO27001 standard:
- Boundary Firewalls and Internet Gateways
- Secure Configuration
- Access Control
- Malware Protection
- Patch Management
There are currently two levels against which organisations can be certified:
- Cyber Essentials (Stage 1), which relies on self-assessment.
- Cyber Essentials Plus (Stage 2), which relies on an independent (on-site) audit.
Organisations must be assessed by an accredited certification body such as CST, and must successfully complete Stage 1 prior to proceeding to Stage 2.
Once an organisation has successfully passed an assessment against either level of the scheme’s requirements, it will be awarded the relevant Cyber Essentials award or ‘badge’ and will need annual re-assessment.
How CST can assist
CST can help you complete Stage 1 and Stage 2, providing the guidance and support required, and ultimately certify you against the standard. CST has carefully selected to operate under the IASME assessment body, meaning qualifying businesses receive Cyber Insurance (up to £25,000 Cyber Liability Insurance free of charge) as part of successful certification.
CSTL is registered by the IASME to assess and certify against the UK Government’s Cyber Essentials Scheme. We are also licensed to advise on achieving Cyber Essentials certification, as well as deliver Cyber Essentials PLUS and the IASME governance assessment and certification.