The Cyber Essentials scheme is a UK government-backed program that helps organisations protect against common cyber threats. The Cyber Essentials scheme covers five key areas:
- Firewalls.
- Secure configuration.
- Security update management.
- User access controls.
- Malware protection.
In April 2023, the National Cyber Security Centre (NCSC) will be updating the Cyber Essentials requirements. The changes are designed to improve the effectiveness of the scheme and to reflect the evolving threat landscape. All the changes to CE and CE+ have are based upon feedback from both assessors and applicants.
Some of the key changes are:
- Firmware is now included in the definition of “software”. This means that businesses will need to keep the firmware on their devices up to date, in addition to the operating system and applications.
- Asset management is now a recommended practice. Asset management is the process of identifying, tracking, and managing all an organization’s assets, including computers, mobile devices, and data. By implementing good asset management practices, firms can reduce the risk of a data breach.
- Third-party devices are now in scope. This means that organisations will need to apply the Cyber Essentials controls to any devices that are used by third parties, such as contractors and consultants.
- Device unlocking advice has been updated to reflect that some configuration can’t be altered because of vendor restrictions. When a vendor doesn’t allow an business to change the configuration of a device, the firm must use the vendor’s default settings.
- Malware protection requirements have been updated. Organisations will now need to use a malware protection solution that is actively updated and that prevents malware from running, executing malicious code, and connecting to malicious websites.
These are just some of the key changes to the Cyber Essentials scheme in April 2023. Organisations that are certified under the current version of the scheme will not need to re-certify until their current certificate expires.
However, organizations that are planning to apply for Cyber Essentials certification in the near future should be aware of the changes and should make sure that they are prepared to meet the new requirements.
ITSD offers cyber security and IT support for companies in Surrey, London, the UK, and Europe. For more information on the changes to the Cyber Essentials scheme, get in touch with ITSD. Call us on 01932 260 606 or complete our contact form.
