What is Cyber Essentials?
Cyber Essentials is a UK government-backed certification scheme launched by the National Cyber Security Centre (NCSC). It provides a baseline set of five technical controls that, when properly implemented, protect against the most common cyber threats. There are two levels of certification: Cyber Essentials (self-assessed) and Cyber Essentials Plus (independently verified).
The Five Cyber Essentials Controls
- Firewalls — Boundary firewalls and internet gateways to protect the network perimeter.
- Secure configuration — Devices and software configured to reduce vulnerabilities.
- User access control — Controlling access to data and services; least privilege principles.
- Malware protection — Protection against viruses and other malicious software.
- Security update management — Keeping devices and software patched and up to date.
Cyber Essentials vs Cyber Essentials Plus
- Cyber Essentials — Online self-assessment questionnaire, reviewed and certified by a certifying body. Valid for 12 months.
- Cyber Essentials Plus — Includes all of Cyber Essentials, plus an independent technical verification — on-site or remote — testing the actual implementation of the five controls.
When is Cyber Essentials Required?
- Mandatory for all UK government contracts that involve handling personal information or providing certain technical products and services to the public sector
- Required in UK Ministry of Defence supply chain contracts
- Increasingly specified in FTSE 100 and large enterprise supplier requirements
- Recommended by NCSC for all UK organisations as a baseline
Combining Cyber Essentials with ISO 27001
Cyber Essentials addresses a targeted set of technical controls, while ISO 27001 provides a comprehensive management system framework. Many UK organisations pursue both — Cyber Essentials satisfies government procurement requirements while ISO 27001 satisfies enterprise client and international market requirements. BALTUM offers a combined programme that efficiently addresses both certifications.