The UK official NCSC (National Cyber Security Centre) and IASME plan to update requirements for the Cyber Essentials scheme. They describe it as the biggest overhaul of the scheme’s technical controls since it was launched in 2014; in response to the cyber security challenges now regularly faced.
The way we work has changed dramatically, they add. The risks brought about by digital transformation and the adoption of cloud-based services has been compounded by the move to home-working due to the pandemic lockdown of spring 2020. The refresh reflects these changes and signals a more regular review of the scheme’s technical controls, they add.
The NCSC and IASME recently completed a technical review of the scheme, which has informed the update. The scheme covers basic cyber hygiene, as a reassurance for customers and supply chain. Revisions are around cloud services, home-working, multi-factor authentication, password management and security updates. The controls, which have been updated with direct input from the NCSC’s and IASME’s technical people, also align Cyber Essentials closer to other initiatives and guidance, including Cyber Aware.
Many of the changes are based on feedback from assessors and applicants, as well as consultation with the Cloud Industry Forum.
The new version of the Cyber Essentials technical requirements will come in for new assessment accounts from January 24. However, any assessment account that is already active before January 24 will continue to use the current technical standard. This means that any time and effort already invested will not be wasted. Such assessments will have six months to complete from January 24. Due to the extra effort that may be involved for some, there will be a period of grace of up to 12 months for some of the requirements.
The new requirements document and new question set is now published on the IASME website; visit https://iasme.co.uk/cyber-essentials/free-download-of-cyber-essentials-self-assessment-questions/. More advice and guidance will be published in due course. The Cyber Essentials Readiness Tool will also be updated accordingly to reflect the new controls from January 24.
About Cyber Essentials
A UK Government backed scheme, Cyber Essentials is aimed at organisations, whatever their size, to guard against a range of the most common cyber threats. Some Government contracts may require this basic certification. From April 2020 IASME became the NCSC’s Cyber Essentials Partner, responsible for its delivery. Visit www.iasme.co.uk.
See also the NCSC website: https://www.ncsc.gov.uk/cyberessentials/overview.
