What Exactly Happens During the Cyber Essentials Plus Technical Audit?
This is one of the most frequently asked questions, what exactly happens during the Cyber Essentials Plus audit or sometimes we get asked ‘what is the exact process for Cyber Essentials Plus?’
There have been a few changes made to the framework in the year 2022 and 2023. The changes in 2022 were major and 2023 were not so much. However, one key change to note in 2023 is the mandatory requirement of 2FA across all cloud services for all the users and not just the admins which seem to be trip up lots of businesses. Here is our blog on Cyber Essentials Montpellier update.
Ok you have now achieved Cyber Essentials self-assessment and wondering what happens during the CE plus audit? Or maybe you are thinking about CE plus but not sure about the audit. No worries, you came to the right place. Here is what happens.
Step 1: Organisation Size
Step 2: Pick Cyber Essentials Package
Cyber Essentials Basic - CEB001
£300 + VAT
2 Days for Remediation
1 Day Turnaround
Guided Cyber Essentials - CEB002
£500 + VAT
Everything in CEB001 plus
Cyber Essentials Plus - CEP001
£1500 + VAT
Everything in CEB002 Plus
30 Day Remediation
Systems Audit (remote)
Guided CE Plus - CEP002
£2500 + VAT
Everything in CEP001 plus
Pre- systems Audit
Gap Analysis report
Once you achieve the CE self-assessment one of our assessors will organise the Technical Audit for CE plus. If you pass the technical audit for Cyber Essentials Plus then you will achieve the certification straightaway. The audit contains the following tests/assessments.
- Internal & External Vulnerability scans
- Email security test
- Browser security test
- File Execution test
- Malware protection test
- Evidence collection for 2FA and Mobile device operating systems
With the Internal & External vulnerability scan, we will only scan a sample amount of devices regardless of how many devices you may have. For example, you may have 1,000 devices but we will only scan 10-15 devices. These devices will be selected at random. The scanning will be done remotely. External scanning is done on your public IPs. We are expecting no unnecessary opened ports here. Here’s a link to our blog [How to pass Cyber Essentials Plus]
The rest of the tests are done on one of the company end user devices. An assessor will login with a remote logging in software and perform the tests. We have a sample amount of emails to send to carry out the email security test. All these emails have a sample malicious file(s) attached to them and we are expecting your email filter to take the necessary action.
Similar to the email security test we have sample malware to download and we are expecting your browser to take the necessary action to meet the Cyber Essentials criteria. By now, you get the gist. The process is the same or the File execution test and Malware Protection test. Here’s a link to our blog on [Cyber Essentials Plus requirements & checklist]
WRT to the mobile operating systems, IASME provides us a link where they have the latest supported operating systems and we assess your environment against the provided supported operating systems. If you are not sure it’s a good idea to keep your systems up-to-date.
Hope that helps. Please get in touch with us at firstname.lastname@example.org if you have any further questions or if you would like to achieve the certification.
Do check out our other blogs on Cyber Essentials & Cyber Essentials Plus certification
TechForce Cyber Welcomes Adam Morrison as New Business Development Manager
TechForce Cyber is thrilled to announce the newest addition to the team, Adam Morrison, who joins the business as the Business Development Manager.More
TechForce Cyber Responds to Ransomware Attack on Comhairle nan Eilean Siar
In response to the news yesterday that a ransomware attack on the IT systems of Comhairle nan Eilean Siar, TechForce Cyber, expresses deep concern for the disruption faced by the Western Isl...More
Safeguarding Your Digital Presence: Insights from a Marketing Viewpoint
In an era dominated by digital interactions and online transactions, the importance of protecting one's security cannot be overstated.More
Cyber-Attack Paralyzes British Library's Technology
In a significant blow to one of the world's largest libraries, the British Library is grappling with a major technology outage following a cyber-attackMore
FOR LATEST UPDATES SUBSCRIBE HERE: