The Cyber Essentials Scheme has been developed by the UK Government and industry to define a standard, which outlines basic controls all organisations should implement to mitigate the risk from common Internet based threats. Organisations can demonstrate their compliance with these standards by obtaining a Cyber Essentials certification. The scheme was launched in late 2014 and was quickly adopted, with many UK Government supply chains requiring their suppliers to be Cyber Essentials Certified. The requirement for Cyber Essentials is increasingly being seen in tender documents.
Cyber Essentials was born out of the UK Government’s National Cyber Security Strategy aim of making the UK a safer place to do business. The scheme is based on CESG’s ‘10 steps to Cyber Security’ Guidance but also incorporates guidance from other key standards and bodies, including ISO 27001, IASME (Information Assurance for SMEs) and the BSI (British Standards Institute). It has been developed with technical input from information security industry bodies such as CREST.
The scheme aims to develop a baseline standard of security in the UK and is therefore intended to be accessible to companies of all sizes.
Cyber Essentials focusses on the following core areas:
- Boundary firewalls and Internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Further information on the Cyber Essentials Scheme can be found on the UK Government website.
As an independent technical information assurance consultancy, 7 Elements is well placed to support your organisation through the process of gaining Cyber Essentials certification.