Significant January update for Cyber Essentials
Cyber Essentials, a Government-approved scheme introduced in 2014 to help UK businesses defend against cyber threats, is getting a much needed updated.
On the 24th January 2022, an updated set of requirements specifically targeting the technical controls will be released.
With the ever-evolving threat landscape, changes in the way we work and the rapid adoption of cloud services, tighter controls are essential for staying secure and protected against cyber threats.
What’s new in Cyber Essentials?
The National Cyber Security Centre (NCSC) and ISASME recently conducted a major technical review of the scheme. From the results, the two firms have concluded that the updated requirements will made in the controls and aim to help businesses maintain their basic cyber hygiene and provide reassurance for managers, staff and customers.
Many changes have been brought in by taking into account feedback from assessors, and applicants and consultation with the Cloud Industry Forum. In addition, the controls have been updated with guidance from NCSC technical experts and, therefore, better align Cyber Essentials with further initiatives, including Cyber Aware.
Essentially, the updates are set to include revisions of:
- The use of cloud services
- Revisions to use of home working
- Multi-factor authentication
- Password management
- Security updates
Whilst the new requirements are being introduced in January, any ongoing assessments that begin before that date will continue to use the current technical standard. This means that in-progress certifications will not be affected. If you’re one of the businesses on the current standard, you’ll have six months from 24th January to complete the assessments.
Some businesses may need to take extra steps when assessed against the new standards, so to honour this, there will be a period of up to twelve months for some of the requirements.
If you’re looking for guidance around the update, contact our cyber security experts today.
