The Cyber Essentials scheme was launched on 5 June 2014. Several organisations were quickly certified by the end of June. Since October 2014, Cyber Essentials certification has been required for suppliers to central UK government who handle certain kinds of sensitive and personal information.
The five main technical controls are:
- Boundary firewalls and internet gateways
- Secure configuration
- Access control
- Malware protection
- Patch management
Bridewell Consulting can:
- Support you through the process
- Provide CREST certified individuals to conduct testing and support your questionnaire submission
- Ensure your organisation achieves compliance against the requirements
- Conduct gap analysis against the requirements and then assisting you implement the require technical procedures
Cyber Essentials guidance breaks these down into finer details. These controls can be mapped against the controls required by ISO/IEC 27001:2013, although Cyber Essentials has a narrower focus, emphasising technical controls rather than governance, risk, and policy.