Cyber Essentials gets biggest update to technical controls since launch


In the new year, the NCSC and IASME will implement an updated set of requirements for Cyber Essentials. This update will be the biggest overhaul of the scheme’s technical controls since it was launched in 2014 and comes in response to the cyber security challenges organisations now regularly face. The way we work has changed dramatically over a short period of time. The additional risks brought about by rapid digital transformation and the adoption of cloud-based services has been compounded by the move to home-working. The impending refresh reflects these changes and signals a more regular review of the scheme’s technical controls. The NCSC and IASME recently completed a major technical review of the scheme, the results of which have informed the updated requirements that will soon help organisations maintain their basic cyber hygiene, providing reassurance for their customers and their supply chain. These include revisions around cloud services, as well as home-working, multi-factor authentication, password management and security updates. The controls, which have been updated with direct input from the NCSC’s and IASME’s technical experts, also align Cyber Essentials closer to other initiatives and guidance, including Cyber Aware. Many of the changes are based on feedback from assessors and applicants, as well as consultation with the Cloud Industry Forum. The new version of the Cyber Essentials technical requirements will be implemented for new assessment accounts from 24th January 2022. However, any assessment account that is already active before the 24th January will continue to use the current technical standard. This means that any time and effort already invested will not be wasted. Such assessments will have 6 months to complete from the 24th January 2022. In recognition of the extra effort that may be involved for some organisations, there will be a period of grace of up to 12 months for some of the requirements. The new requirements document and new question set is now published on the IASME website. Additional advice and guidance will be published in due course. The Cyber Essentials Readiness Tool will also be updated accordingly to reflect the new controls from 24th January. What is Cyber Essentials A simple but effective government backed scheme, Cyber Essentials helps organisations, whatever their size, guard against a whole range of the most common cyber threats. Not only does this reassure organisations and customers that their systems are secured against basic cyber-attacks, but Government contracts also often require this basic certification too.

Cyber Essentials will:

- Reassure customers that you are working to secure your IT against cyber attack

- Attract new business with the promise you have cyber security measures in place

- Give a clear picture of your organisation's cyber security level

- Enable you to bid for some Government contracts


If you would like to achieve Cyber Essentials, contact us today and we can refer you to a Trusted Partner who can work with you.

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.