What You Need to Know about Cyber Essentials Montpellier update
In April 2023, the National Cyber Security Centre (NCSC) introduced a new version of Cyber Essentials called Montpellier. This new version brings a few key changes compared to the older version, known as Evendine. In this blog post, we'll compare the two versions and highlight the differences.
DOWNLOAD THE CYBER ESSENTIALS MONTPELLIER CHECKLIST HERE
The first change that stands out is the updated definition of "software." Montpellier now includes firmware in its scope of software, which covers operating systems, commercial off-the-shelf applications, plugins, interpreters, scripts, libraries, network software, and firewall and router firmware. This change was made because firewalls and routers are essential security devices, and their operating systems need to be kept up to date for optimal security.
Another significant change in Montpellier is the inclusion of asset management. Although asset management is not a specific Cyber Essentials control, it is a critical security function. By emphasising the importance of good asset management, Montpellier helps organisations to better protect their assets and reduce the risk of data breaches.
Montpellier also includes a link to the NCSC's BYOD (Bring Your Own Device) guidance. This addition provides further information and advice on the use of BYOD, which has become increasingly common in the workplace.
The third change is the clarification on including third-party devices. All end-user devices that an organisation owns and that are loaned to a third party must be included in the assessment scope. Montpellier includes a new table for clarity on this subject.
The device unlocking section has been updated in Montpellier to reflect that some configurations cannot be altered due to vendor restrictions. When the vendor does not allow configuration changes, it is essential to use the vendor's default settings to ensure optimal security.
The malware protection section has also been updated in Montpellier. It is now mandatory to ensure that a malware protection mechanism is active on all devices in scope. Additionally, Montpellier allows for the option to restrict the execution of applications to only approved applications that are restricted by code signing.
DOWNLOAD THE CYBER ESSENTIALS MONTPELLIER QUESTIONNAIRE HERE
National Cyber Security Centre states that Montpellier also includes information on how using a zero-trust architecture affects Cyber Essentials. Zero-trust architecture is a security model that assumes that all users, devices, and applications are untrusted and need to be verified before being granted access to sensitive data or applications. By adopting a zero-trust architecture, organisations can better protect themselves against cyber-attacks.
Finally, Montpellier makes two-factor authentication (2FA) compulsory for all users on all cloud services instead of only admin accounts. 2FA adds an extra layer of security to the authentication process by requiring users to provide two forms of authentication instead of one.
In conclusion, Cyber Essentials Montpellier introduces several key changes that highlight the importance of good asset management, device security, and malware protection. The inclusion of firmware in the definition of software and the mandatory use of 2FA for all users on all cloud services are significant steps towards better cybersecurity. By following the guidelines outlined in Montpellier, organisations can better protect themselves against cyber-attacks and reduce the risk of data breaches.
Do check out our other blogs on Cyber Essentials & Cyber Essentials Plus certification
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
*Insurance details are on IASME website
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Pre-assessment
Online/Phone Support
*Insurance details are on IASME website
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
*Insurance details are on IASME website
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
-
MOST POPULAR
*Insurance details are on IASME website
Related Articles
TechForce Cyber Responds to Cyber Gang Accused of Industrial Fraud
This morning it was reported that police have arrested 37 people worldwide that have been accused of using services to create fake text messages that would purposely steal from victims.
More
TechForce Cyber Clinches Prestigious Best Client Support Business Award
TechForce Cyber, a leading cybersecurity solutions provider, proudly announces its latest award: Best Client Support Business Award from Business Awards UK.
More
What It's Really like Being a CISO At A FTSE250 Tech Company
Join us for an exclusive event that shines a light on the high-stakes world of cybersecurity from the perspective of a Chief Information Security Officer (CISO) at a leading FTSE250 technolo...
More
One Year In as a Marketer for TechForce Cyber
Embarking on the journey of becoming one of the pioneering Digital Marketing graduates in Scotland has been an exhilarating endeavour.
More
FOR LATEST UPDATES SUBSCRIBE HERE:
