Cyber Essentials Plus certification requirements 2023

Although Cyber Essentials certification has been around for a while it's becoming more prominent among the businesses recently. We have been getting increased amount of enquiries about the certification of late. There is lots of information available on the NCSC website, IASME website and internet in general and yet many organisations are not clear on what exactly is needed in order to achieve the certification. We made a checklist a few years ago which was very popular and we now updated the checklist for 2023. Please note there will be changes coming to Cyber Essentials scheme in April 2023 and we will be updating this blog accordingly.


So what's needed to pass the certification? Here is the checklist. You can also download the PDF version here. There are essentially 5 different security controls in the framework and if you tick all the boxes below you are pretty much ready to achieve the certification. Here they are

DOWNLOAD THE CYBER ESSENTIALS PLUS REQUIREMENTS 2023 PDF COPY


1. FIREWALLS

  • Default passwords are changed
  • Unnecessary ports are closed
  • Port opening process documented
  • IP allow list for Remote access or MFA enabled
  • Unauthenticated inbound traffic blocked
  • Removed unnecessary firewall rules
  • Protecting devices offsite/home-based workers
  • Document business case for any new services


2. SECURE CONFIGURATION

  • Changed the default login credentials
  • Removed the unnecessary software
  • Disabled the unused user accounts
  • Enforced strong password policy
  • Disabled the auto-run feature
  • Set-up device locking
  • Have protection against brute-force attack

GET CERTIFIED TODAY WITH FIXED COST

Step 1: Organisation Size

Step 2: Pick Cyber Essentials Package

  • Cyber Essentials Basic - CEB001

    £320 + VAT

    Self-Assessment

    2 Days for Remediation

    1 Day Turnaround

    £25k Cyber Insurance*

    The package explained

    *Insurance details are on IASME website

  • Guided Cyber Essentials - CEB002

    £670 + VAT

    Everything in CEB001 plus

    Pre-assessment

    Online/Phone Support


    *Insurance details are on IASME website

  • Cyber Essentials Plus - CEP001

    £1500 + VAT

    Everything in CEB002 Plus

    30 Day Remediation

    Systems Audit (remote)

    *Insurance details are on IASME website

  • Guided CE Plus - CEP002

    £2900 + VAT

    Everything in CEP001 plus

    Pre- systems Audit

    Gap Analysis report

    -

    MOST POPULAR

    *Insurance details are on IASME website


3. SECURITY UPDATE MANAGEMENT

  • Automatic updates enabled where possible
  • All operating systems are up to date
  • No outdated or unsupported software exist
  • Software properly licensed for business
  • Mobile device software is up to date
  • Internet browser and malware protection must be kept up to date


4. USER ACCESS CONTROLS

  • Have a policy for joiners and leavers
  • Have a policy for setting user permissions
  • Separate accounts for admin tasks
  • Review admin accounts regularly
  • Apply MFA to all cloud services that support MFA
  • Encourage users to use strong/unique passwords
  • Brute force protection for user accounts
  • Train your users to use strong passwords
  • All Cloud services MUST have MFA


5. MALWARE PROTECTION

  • An antivirus is installed on all hosts
  • Antivirus software is regularly updated
  • Prevent malware from running
  • Prevent connections to malicious web pages
  • Application allow listing is being used


Hope this information helps. Check out our other blogs on Cyber Essentials Plus process, lead times and FAQs. Do get in touch if you are looking to achieve the certification.

Related Articles

CONTACT US TODAY:

Back to start
aberdeen skyline graphic
x