While the sophistication of cyberattacks can vary, most often they are basic and predictable. By employing the right security practices, an organisation can defend its information and keep it out of intruders’ hands.
The Cyber Essentials scheme is designed to mitigate common cyberattacks by promoting the implementation of five security controls.
The five basic security controls of the Cyber Essentials scheme that enable organizations to prevent common cyberattacks are:
Use a firewall to ensure that all your systems, networks, and devices are protected against incoming threats.
Prioritize security settings for all your systems and devices over ease of use.
Deploy patches or security updates periodically to protect your systems and applications against cybersecurity vulnerabilities.
Provide employees with the access rights they need to fulfil their roles only.
Enforce measures like application allowlisting and restricting access to unsecure websites to avoid malware attacks.
Considering evolving technologies and work environment changes due to the pandemic, the NCSC revised the Cyber Essentials scheme in January 2022.
While the five technical controls mentioned above remain the same aside from being reordered, new requirements for using BYOD and cloud services, remote work, password management policies, and multi-factor authentication for on-premises and cloud services have been added.
Apart from the significant revisions of 2022, other recent clarifications on technical controls and guidance were provided in 2023.
Devices used for remote work, Platform as a Service solutions, Software as a Service solutions, thin clients, servers, end-user devices (including those loaned to third parties, i.e., mobile phones, laptops, and desktops), and wireless devices operating through the internet are now considered for assessment under the Cyber Essentials scheme.
Instructions on anti-malware measures, proper device configurations, additions to the assessment question set, the importance of asset management, and the Zero Trust model are all included in the 2023 guidance.
The updated technical requirements and question set went into effect on April 24, 2023, meaning organisations applying to be certified on or after that date must align with the revisions of 2022 and 2023.
ManageEngine is Cyber-Essentials-certified; the scope includes ManageEngine's UK and EU data centers as well as all cloud service offerings and their corresponding administrative networks, and excludes all other networks of ManageEngine.
Our suite of IT management solutions can help your organization meet the Cyber Essentials security control requirements.
Download ManageEngine's Cyber Essentials guide to get:
Here's a list of critical compliance regulations, data protection mandates, and relevant ManageEngine offerings.
The complete implementation of the Cyber Essentials scheme requires a variety of solutions, processes, people, and technologies. The solutions mentioned in our guide are some of the ways in which IT management tools can help with the Cyber Essentials requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine’s solutions help implement the Cyber Essentials. This material is provided for informational purposes only and should not be considered as legal advice for the Cyber Essentials implementation. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.