What You Need to Know about the Cyber Essentials Montpellier Update
In April 2023, the National Cyber Security Centre (NCSC) introduced a new version of Cyber Essentials called Montpellier. This new version brings a few key changes compared to the older version, known as Evendine. In this blog post, we'll compare the two versions and highlight the differences.
The first change that stands out is the updated definition of "software." Montpellier now includes firmware in its scope of software, which covers operating systems, commercial off-the-shelf applications, plugins, interpreters, scripts, libraries, network software, and firewall and router firmware. This change was made because firewalls and routers are essential security devices, and their operating systems need to be kept up to date for optimal security.
Another significant change in Montpellier is the inclusion of asset management. Although asset management is not a specific Cyber Essentials control, it is a critical security function. By emphasising the importance of good asset management, Montpellier helps organisations to better protect their assets and reduce the risk of data breaches.
Montpellier also includes a link to the NCSC's BYOD (Bring Your Own Device) guidance. This addition provides further information and advice on the use of BYOD, which has become increasingly common in the workplace.
A further change is the clarification on including third-party devices. All end-user devices that an organisation owns and that are loaned to a third party must be included in the assessment scope. Montpellier includes a new table for clarity on this subject.
The device unlocking section has been updated in Montpellier to reflect that some configurations cannot be altered due to vendor restrictions. When the vendor does not allow configuration changes, it is essential to use the vendor's default settings to ensure optimal security.
The malware protection section has also been updated in Montpellier. It is now mandatory to ensure that a malware protection mechanism is active on all devices in scope. Additionally, Montpellier allows the option of restricting execution to approved applications only, with that restriction enforced by code signing.
Montpellier also includes information on how using a zero-trust architecture affects Cyber Essentials. Zero-trust architecture is a security model that assumes that all users, devices, and applications are untrusted and need to be verified before being granted access to sensitive data or applications. By adopting a zero-trust architecture, organisations can better protect themselves against cyber-attacks.
Finally, Montpellier makes two-factor authentication (2FA) compulsory for all users on all cloud services instead of only admin accounts. 2FA adds an extra layer of security to the authentication process by requiring users to provide two forms of authentication instead of one.
In conclusion, Cyber Essentials Montpellier introduces several key changes that highlight the importance of good asset management, device security, and malware protection. The inclusion of firmware in the definition of software and the mandatory use of 2FA for all users on all cloud services are significant steps towards better cybersecurity. By following the guidelines outlined in Montpellier, organisations can better protect themselves against cyber-attacks and reduce the risk of data breaches.