Cyber Essentials
HM Government Security Standards
Background
The Cyber Essentials (CE) standard was first launched in 2014 and has become the first choice of security standard to help businesses protect themselves from cyber attacks and to demonstrate their security approach to others. The certification is increasingly required when contracting with Government Bodies and participating in Supply Chains.
Requirements
The CE standard comprises 5 disciplines that an organisation needs to implement and these relate to Boundary Firewalls; Secure Configuration; Access Control; Malware Protection; and Patch Management. Essentially it is all about understanding the systems in use and making sure the configurations have been properly implemented.
How to gain CE
The CE certification is achieved by self-certifying compliance via an online portal submission. The requirements are set out in preparation document below.
The current question set is called Evendine and is available in our Downloads section. The question set will be replaced on 24th April 2023 by the new Montpellier question set which is also available in our Downloads section.
Getting started
The CE process is started by applying for an online portal account. The prices vary according to the organisation size, use this link to sign up - CE sign up options
Cyber Essentials Plus
A second level of standard is available called Cyber Essentials Plus which requires an independent assessment to be completed to a Test Specification issued by the National Cyber Security Centre as shown below. For more information and to request a quotation use this link - CE Plus Price.
CE Plus Test Specification
Jan 2022 V3.0
Understanding the processes
The two processes work together and the steps are shown in the image below.