Cyber Essentials Plus
Cyber Essentials Plus is a UK government-backed certification scheme that helps organizations demonstrate their operational security against common cyber attacks.
It’s an enhanced version of Cyber Essentials, which is a self-assessment option. Cyber Essentials Plus includes all the requirements of Cyber Essentials, plus additional verification steps, including a technical audit of your systems.
Cyber Essentials Plus certification confirms that an organization’s systems meet standards for: Secure configuration, Boundary firewalls and internet gateways, Access control and administrative privilege management, Patch management, and Malware protection.
Some reasons you would benefit from Cyber Essentials Plus
Here are some reasons why getting Cyber Essentials Plus could benefit your organisation.
You provide reassurance to your customers that your controls have been validated.
Have the possibility of bidding for other Government contracts which involve handling sensitive and personal information.
Why you need Cyber Essentials Plus
Cyber Essentials Plus is based on the same technical requirements as Cyber Essentials but includes a technical audit of your IT system.
The audit verifies that the Cyber Essentials controls are in place and gives more assurance to your prospective clients that you are complying with the scheme.
Cyber Essentials Plus is a more rigorous assessment and should be used by organisations when there is a higher risk of cyber security threats eg handling large amounts of personal data.
Achieving Cyber Essentials Plus certification will help protect your organisation against cyber threats and may even give you commercial advantage.
Some larger organisations require companies to have Cyber Essentials Plus to be part of their supply chain. If you are looking to take on Government tenders you may find that Cyber Essentials Plus is one of the requirements.
Cyber Essentials Plus – Key Benefits
Some of the benefits of Cyber Essentials Plus includes:
Independant verification that some of the controls specified on your Cyber Essentials application are working.
Required for some contracts
Shows increased commitment to IT Security.
Cyber Essentials Plus – Tests
The following summary has been taken from the Cyber Essentials Plus Test Specification (3.2) for Willow.
Test 1 – Remote Vulnerability Assessment
To test whether an internet based opportunist attacker can hack into the Applicant’s system with typical low skill methods.
Test 2 – Check Patching
To identify missing vulnerability fixes that could be exploited. To fix these vulnerabilities you might need to do a config change, a patch, an update or run a script prescribed by the vendor.
Test 3 – Check Malware Protection
Ensuring that all the machines in scope, benefit from a basic level of malware protection.
Test 4 – Check Multifactor Authentication Configuration
To ensure that all cloud services have been configured for multifactor authentication
Test 5 – Check Account Separation
To ensure that no normal user accounts are running with administrator privileges.
Certifications
These are some of the certifications we are really proud to hold:
