The standard was first launched in 2014 and has become the first choice of security standard to help businesses protect themselves from cyber attacks. The latest question set reflects the changing nature of attacks and Government recommendations, especially regarding passwords.
The standard comprises 5 disciplines that a business or organisation needs to implement and then answer an online questionnaire about: Boundary Firewalls; Secure Configuration; Access Control; Malware Protection; and Patch Management. Most businesses and organisations are likely to need some degree of preparation before they can answer the questionnaire appropriately.
A second level of the standard, called Cyber Essentials Plus, is also available; it requires an additional Vulnerability Test to be carried out independently.
Research by Lancaster University and also by GCHQ demonstrates the value of configuring IT infrastructure to comply with the Cyber Essentials standard.
Since 1st October 2014, Central Government has made the standard mandatory for any contract that involves sensitive data. It is likely that many other Government bodies will seek to require the standard as part of a best practice approach. Likewise, supply chains and regulatory bodies are considering how the standard could help suppliers and members respectively.