The five basic security controls of the Cyber Essentials
scheme that enable organizations to prevent common cyberattacks are:
Use a firewall to ensure that all your systems, networks, and devices are protected against incoming threats.
Prioritize the need for the highest level of security settings for all your systems and devices over ease of use.
Provide employees with the accesses that are critical to fulfill their roles alone.
Enforce measures like application safelisting and restricting access to unsecure websites to avoid malware attacks.
Deploy patches or security updates periodically to protect your systems and applications against cybersecurity vulnerabilities.
In consideration of evolving technologies and the change in work environments due to the pandemic, the NCSC revised the Cyber Essentials scheme in January 2022. Organizations have a grace period of one year to accommodate the new additions. While the five technical controls mentioned above remain the same, new requirements have been added regarding the use of BYOD and cloud services, remote work, password management policies, and multi-factor authentication for on-premises and cloud services.
Devices used for remote work, Platform as a Service and Software as a Service solutions in the cloud segment, thin clients, servers, end-user devices (i.e., mobile phones, laptops, and desktops), and wireless devices operating through the internet are now considered for assessment under Cyber Essentials.
Cyber Essentials has also adopted a tiered pricing structure based on the enterprise size, which is determined by the employee count.
ManageEngine's suite of IT management solutions can help your organization meet the Cyber Essentials security control requirements. Download ManageEngine's Cyber Essentials guide to get:
The complete implementation of the Cyber Essentials scheme requires a variety of solutions, processes, people, and technologies. The solutions mentioned in our guide are some of the ways in which IT management tools can help with the Cyber Essentials requirements. Coupled with other appropriate solutions, processes, and people, ManageEngine’s solutions help implement the Cyber Essentials. This material is provided for informational purposes only, and should not be considered as legal advice for the Cyber Essentials implementation. ManageEngine makes no warranties, express, implied, or statutory, as to the information in this material.
We will get back to you soon.