In January 2022, the NCSC introduced the biggest update to Cyber Essentials technical controls since its launch.
The NCSC published a revised set of requirements for the Cyber Essentials scheme in the new year. This is the most significant change to the scheme's technical controls since it was introduced in 2014, and it responds to the growing cyber security concerns that businesses are facing.
Cyber Essentials is a government-backed programme that assists businesses of all sizes in defending against the most frequent cyber attacks. It assures businesses and their customers that their systems are safe from common cyber attacks. Organisations working on UK government contracts are frequently required to hold Cyber Essentials certification.
The NCSC and its Cyber Essentials delivery partner, IASME, recently conducted a significant technical evaluation of the scheme, the results of which have informed the enhanced control requirements. These improvements will assist businesses in maintaining basic cyber hygiene, giving management, employees, and customers peace of mind.
The update includes revisions covering the use of cloud services, home working, multi-factor authentication, password management, security updates, and more. With assistance from NCSC technical experts, the controls have been revised to better align Cyber Essentials with other projects and guidelines, such as Cyber Aware.
The updated technical controls are more comprehensive and secure, reflecting the way we now work. Devices are being used more frequently outside of an office environment, so BYOD policies, Zero Trust methodologies and remote access to networks are now all high priorities for most security teams.
IASME acknowledge that not all parts of the updated technical controls will be quick and easy to implement. As a result, they are providing a grace period of one year to allow organisations to make appropriate changes, but only for the following requirements:
- MFA for cloud services – Administrator accounts will be in scope from January 2022, with user accounts being included from January 2023.
- Thin clients – This new question will be for information only for the first 12 months. From January 2023, Cyber Essentials requires thin clients to be supported and to receive security updates.
- Security Update Management – For the first 12 months, the questions on the removal of unsupported software will be for information only, coming into scope in January 2023.
Go Live UK's team will provide you with professional consultancy on the up-to-date Cyber Essentials requirements for your company, as well as answer any questions you might have about the Cyber Essentials certification process.
Get in touch with us to find a quick and proven solution.