Cyber Essentials Plus
Cyber Essentials is a UK Government-backed scheme designed to help organisations guard against the most common cyber threats. Cyber Essentials Plus demonstrates a high level of commitment to cyber security and data protection.
The National Cyber Security Centre (part of GCHQ) launched the Cyber Essentials scheme to enable organisations to gain one of two badges: Cyber Essentials (CE) and Cyber Essentials Plus (CE+)
Becoming CE+ Certified
Cyber Essentials is a self-assessment certification that requires a questionnaire to be completed and submitted to a certified member of one of the NCSC’s Accreditation Bodies. Organisations holding certifications are publicly listed on the NCSC’s certificate-search database making it easy to identify if you are CE/CE+ certified or not:
Being CE Certified means that you will ensure your security defences stand up to cyber-attacks as you will learn how to address, protect and prevent common threats.
The Basic Cyber Essentials certification verifies that an organisation meets the requirements outlined under five specific technical control themes:
- Secure Configuration
- User Access Control
- Malware Protection
- Patch Management
The Cyber Essentials Plus certification additionally requires you carry out an independent External Vulnerability Assessment of your infrastructure.
What happens during the vulnerability assessment?
Our External Vulnerability Assessment directly tests the controls in place on your network perimeter and highlights any obvious vulnerabilities via:
- A full TCP port scan for all IP addresses within specified ranges
- Scanning for known common UDP services for all IP addresses within specified ranges
- Basic web application scanning for common vulnerabilities performed from an unauthenticated user perspective
- Testing of inbound email binaries and payloads using a remote test account and desktop/laptop to send multiple emails containing one of the test files detailed by the certificating body
- A test from a website page with URLs linking to a set of test binaries
- Authenticated vulnerability scan of hosts using an approved industry- standard workstation build review tool to perform an administrator-level scan including local checks for each host within a sample set. This stage also includes a patch check for operating system updates and common applications, and a check of any antivirus solutions in use
What do I get on completion?
When the assessment has been all successfully completed, we will deliver the following:
- A report listing all identified risks scored using the CVSSv2 standard covering all five Cyber Essentials technical control themes
- Recommendations to further comply with the government standard
- Your Cyber Essentials Plus Certificate and badge
Gaining your Cyber Essentials Plus certificate evidences your commitment to cyber security. Get in touch with us about becoming CE+ certified today.