What is Cyber Essentials?
Cyber Essentials is a certification scheme backed by the UK government, launched by the National Cyber Security Centre (NCSC). It provides a baseline set of five technical controls that, when correctly implemented, protect against the most common cyber threats. There are two certification levels: Cyber Essentials (self-assessment) and Cyber Essentials Plus (independent verification).
The Five Cyber Essentials Controls
- Firewalls — Boundary firewalls and internet gateways to protect the network perimeter.
- Secure configuration — Devices and software configured to reduce vulnerabilities.
- User access control — Controlling access to data and services; least privilege principles.
- Malware protection — Protection against viruses and other malicious software.
- Security update management — Keeping devices and software patched and up to date.
Cyber Essentials vs Cyber Essentials Plus
- Cyber Essentials — Online self-assessment questionnaire, reviewed and certified by a certifying body. Valid for 12 months.
- Cyber Essentials Plus — Includes all of Cyber Essentials, plus an independent technical verification — on-site or remote — testing the actual implementation of the five controls.
When is Cyber Essentials Required?
- Mandatory for all UK government contracts involving handling of personal information or providing certain technical products and services to the public sector
- Required in UK Ministry of Defence supply chain contracts
- Increasingly specified in FTSE 100 and large enterprise supplier requirements
- Recommended by NCSC for all UK organisations as a baseline
Combining Cyber Essentials with ISO 27001
Cyber Essentials addresses a specific set of technical controls, while ISO 27001 provides a comprehensive management system framework. Many UK organisations pursue both: Cyber Essentials satisfies government procurement requirements, while ISO 27001 satisfies the requirements of enterprise customers and international markets. BALTUM offers a combined programme that efficiently addresses both certifications.