Cyber Essentials Plus Checklist
The UK government introduced the Cyber Essentials certification in 2014 to help businesses protect themselves against the most common cyber attacks. Nearly 85% of the most common cyber attacks could be prevented by implementing the fundamental security controls described in the Cyber Essentials framework. The certification has two levels: Cyber Essentials and Cyber Essentials Plus. Cyber Essentials (level 1) is a self-assessment questionnaire, whereas Cyber Essentials Plus is the more advanced and comprehensive level: a Certification Body carries out an on-site assessment of a sample of your in-scope devices, including vulnerability scans. Under IASME, now the sole Accreditation Body for the scheme, an applicant must hold a valid Cyber Essentials (level 1) certificate before applying for Cyber Essentials Plus, and the Plus assessment must be completed within three months of that certificate.
Cyber Essentials focuses on five technical control areas: firewalls, secure configuration, user access control, patch management and malware protection. Having performed dozens of these certifications, we know where the challenges lie and how to avoid surprises. Here is a checklist to help you achieve Cyber Essentials Plus, ordered with the biggest challenge first.
3rd-party patch management - the biggest challenge of all
- How do you manage updates for 3rd-party software such as Java, Chrome, Adobe Reader, VLC and AutoCAD? Windows Update does not patch these, so they need their own process: at minimum an inventory of what is installed and a schedule for checking vendor releases, ideally a patch-management tool that deploys them.
- Are all systems up to date? Updates that fix vulnerabilities rated critical or high risk (CVSS v3 score 7.0 or above) must be applied within 14 days of release; the assessor's authenticated vulnerability scan of the sampled devices will find anything older than that.
- Are there unsupported operating systems on the network, such as Windows 7, Windows Server 2008 or older? Any in-scope device running software that no longer receives security updates is an immediate fail, unless it is removed or segregated from the in-scope network (for example on its own subnet or VLAN).
- Is all software used in the business properly licensed and still supported by its vendor?
Secure configuration
- Have you changed the default login credentials on network devices such as firewalls, routers and printers?
- Have you uninstalled unnecessary software?
- Have you removed or disabled unnecessary user accounts (including guest and default accounts) on the company's systems?
- Do you have a strong password policy, and is it enforced technically (minimum length, and lockout or throttling of repeated failed logins) rather than only written down?
Firewalls
- Do you close open ports (inbound firewall rules) as soon as they are no longer needed?
- Is the process for opening and closing ports documented, including the business justification and who authorised each rule?
- Is administrative access to the firewall and other management interfaces restricted to specific IP addresses, with no management interface exposed to the internet?
- Is a host-based (software) firewall enabled on every end-user device, blocking inbound connections by default?
Malware protection
- Is anti-malware software installed on every in-scope machine?
- Are its engine and signatures updated automatically and regularly (at least daily)?
- Does it scan automatically and regularly: on access when files are opened or downloaded, and on a schedule?
User access control
- Do you have a policy and process for joiners and leavers (and role changes), so that user accounts are created, changed and removed promptly?
- Do you have a policy for assigning user permissions on a least-privilege, need-to-know basis?
- Do you use separate accounts for administrative tasks, so that day-to-day work such as email and web browsing is never done with admin rights? Is the process documented?
- Do you review the list of administrative accounts regularly and remove any that are no longer needed?
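As an added example (not from the original article and not the scheme's own tooling), the following read-only PowerShell script gathers, on one Windows endpoint, the evidence an assessor samples for the technical questions above: unsupported operating system, security updates pending for more than 14 days, 3rd-party software versions, host firewall state, anti-malware status, and enabled or administrative accounts. It assumes an elevated PowerShell 5.1 session on Windows 10 / Server 2016 or later with Microsoft Defender; the OS version cut-off, the 3rd-party watch-list, the 90-day stale-account threshold and the use of Microsoft's MSRC "Critical"/"Important" ratings as a proxy for the scheme's critical/high-risk severity are all illustrative assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article or the scheme): read-only
# pre-assessment checks for one Windows endpoint. Nothing here changes
# configuration; it only reports. Assumes Windows 10 / Server 2016+ with
# PowerShell 5.1 and Microsoft Defender.

$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Control, [string]$Message) {
    $findings.Add("[$Control] $Message")
}

# --- Patch management: unsupported operating system -------------------------
# Windows 7 / Server 2008 R2 report version 6.1 and Server 2008 reports 6.0;
# treating anything below 6.2 as end-of-life is an illustrative cut-off.
$os = Get-CimInstance Win32_OperatingSystem
if ([version]$os.Version -lt [version]'6.2') {
    Add-Finding 'Patching' "Unsupported OS $($os.Caption) ($($os.Version)): remove it or segregate it from the in-scope network"
}

# --- Patch management: security updates pending for more than 14 days -------
# MSRC 'Critical'/'Important' stand in for the scheme's critical/high-risk
# vulnerability ratings (assumption). LastDeploymentChangeTime is the date
# Microsoft published the update.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
foreach ($u in $pending) {
    $days = ((Get-Date) - $u.LastDeploymentChangeTime).Days
    if ($u.MsrcSeverity -in @('Critical', 'Important') -and $days -gt 14) {
        Add-Finding 'Patching' "$($u.MsrcSeverity) update released $days days ago is still missing: $($u.Title)"
    }
}

# --- Patch management: 3rd-party software inventory -------------------------
# Windows Update does not patch these; list name and version so they can be
# compared with the vendors' current releases. The watch-list is illustrative.
$watch = 'Java|Chrome|Adobe|VLC|AutoCAD|Firefox'
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$thirdParty = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $watch } |
    Select-Object DisplayName, DisplayVersion, InstallDate

# --- Firewalls: host-based firewall on the endpoint -------------------------
# 'NotConfigured' means the Windows default applies (enabled, inbound blocked),
# so only an explicit 'False' / 'Allow' is reported.
foreach ($p in Get-NetFirewallProfile) {
    if ("$($p.Enabled)" -eq 'False') {
        Add-Finding 'Firewall' "Host firewall is disabled for the $($p.Name) profile"
    }
    if ("$($p.DefaultInboundAction)" -eq 'Allow') {
        Add-Finding 'Firewall' "$($p.Name) profile allows inbound connections by default"
    }
}

# --- Malware protection: Defender engine, signatures and scans --------------
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    Add-Finding 'Malware' 'Microsoft Defender status unavailable: check the 3rd-party anti-malware product manually'
} else {
    if (-not $mp.AntivirusEnabled)          { Add-Finding 'Malware' 'Anti-malware engine is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { Add-Finding 'Malware' 'On-access (real-time) scanning is off' }
    if ($mp.AntivirusSignatureAge -gt 1)    { Add-Finding 'Malware' "Signatures are $($mp.AntivirusSignatureAge) days old (should update at least daily)" }
    if ($mp.QuickScanAge -gt 7)             { Add-Finding 'Malware' "Last scheduled quick scan was $($mp.QuickScanAge) days ago" }
}

# --- User access control: enabled, stale and administrative accounts --------
$admins = (Get-LocalGroupMember -Group 'Administrators').Name
foreach ($acct in Get-LocalUser | Where-Object Enabled) {
    if ($acct.Name -in @('Guest', 'DefaultAccount')) {
        Add-Finding 'Access' "Built-in account '$($acct.Name)' is enabled"
    }
    # An enabled account unused for 90 days is a removal candidate (illustrative threshold).
    if ($acct.LastLogon -and $acct.LastLogon -lt (Get-Date).AddDays(-90)) {
        Add-Finding 'Access' "Account '$($acct.Name)' is enabled but not used since $($acct.LastLogon.ToShortDateString())"
    }
}

# --- Report -----------------------------------------------------------------
'== 3rd-party software to compare against vendor releases =='
$thirdParty | Format-Table -AutoSize | Out-String
'== Members of local Administrators (confirm each is a dedicated admin account, not a daily-use one) =='
$admins
"== Findings ($($findings.Count)) =="
if ($findings.Count -eq 0) { 'No findings on this device' } else { $findings }
```

Run it on each device the assessor is likely to sample (one of each build or role) rather than only on a freshly imaged machine. It cannot see what an endpoint cannot: the firewall and router checks (default credentials, documented port approvals, management interfaces reachable from the internet) and the joiners/leavers process still need to be evidenced from the devices and documents themselves.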
If you answered YES to most of the questions above, you are likely to get through the Cyber Essentials Plus certification at the first attempt. It is always a good idea to have a full vulnerability assessment carried out on the network beforehand, to understand the overall gaps in software patching before the assessor's scan finds them. I hope this article has helped you. Please refer to 'Everything you need to know about Cyber Essentials' for more on the certification and the process involved. The National Cyber Security Centre has useful guidance too. For more information on the Accreditation Body and the Certification Bodies, see the IASME website.
If you are unsure whether you are ready for Cyber Essentials Plus, or would like to make sure you pass first time, we have a package for you: 'Cyber Essentials Plus Extra'. We perform a pre-assessment and advise you of the gaps so that you can resolve them before submitting the application. Get in touch.