Cyber Essentials Plus certification requirements 2023
Although Cyber Essentials certification has been around for a while, it has recently become more prominent among businesses. We have been getting an increased number of enquiries about the certification of late. There is lots of information available on the NCSC website, the IASME website and the internet in general, and yet many organisations are not clear on what exactly is needed in order to achieve the certification. We made a checklist a few years ago which was very popular, and we have now updated it for 2023. Please note there will be changes coming to the Cyber Essentials scheme in April 2023, and we will be updating this blog accordingly.
So what's needed to pass the certification? Here is the checklist. You can also download the PDF version here. There are essentially 5 different security controls in the framework, and if you tick all the boxes below you are pretty much ready to achieve the certification. Here they are:
1. FIREWALLS
- Default passwords are changed
- Unnecessary ports are closed
- Port opening process documented
- IP allow list for Remote access or MFA enabled
- Unauthenticated inbound traffic blocked
- Removed unnecessary firewall rules
- Protecting the devices of offsite/home-based workers
- Document business case for any new services
2. SECURE CONFIGURATION
- Changed the default login credentials
- Removed the unnecessary software
- Disabled the unused user accounts
- Enforced strong password policy
- Disabled the auto-run feature
- Set up device locking
- Have protection against brute-force attacks
3. SECURITY UPDATE MANAGEMENT
- Automatic updates enabled where possible
- All operating systems are up to date
- No outdated or unsupported software exists
- Software properly licensed for business
- Mobile device software is up to date
- Internet browser and malware protection must be kept up to date
4. USER ACCESS CONTROLS
- Have a policy for joiners and leavers
- Have a policy for setting user permissions
- Separate accounts for admin tasks
- Review admin accounts regularly
- Apply MFA to all cloud services that support MFA
- Encourage users to use strong/unique passwords
- Brute force protection for user accounts
- Train your users to use strong passwords
- All Cloud services MUST have MFA
5. MALWARE PROTECTION
- An antivirus is installed on all hosts
- Antivirus software is regularly updated
- Prevent malware from running
- Prevent connections to malicious web pages
- Application allow listing is being used
Hope this information helps. Check out our other blogs on Cyber Essentials Plus process, lead times and FAQs. Do get in touch if you are looking to achieve the certification.