Cyber Essentials and Cyber Essentials Plus

The UK Cyber Essentials scheme validates that a minimum level of security controls are being operated by an organisation. The scheme is run primarily on a questionnaire basis and certification is provided by IASME. The five basic controls within Cyber Essentials are closely aligned to the Basic CIS Controls and PCI DSS requirements.

cyber essentials

See below for a summary of the Cyber Essentials questionnaire
and the outline scope of the requirements:

 

Source: IASME.co.uk

Cyber Essentials certification also requires a 3rd Party External Pen test to be conducted, while Cyber Essentials Plus goes one step further, with a requirement for an internal vulnerability scan to be run.

 

NNT SecureOps™ and UK Cyber Essentials

Cyber Essentials has been originated as a starting point for cyber security controls. It’s a minimum level of security best practices that every organisation should be aligned too.

As with all compliance mandates, the focus should not be on the annual audit, but on embedding these best practices within the daily management and provision of IT services within a business. If you are serious about maintaining provable and effective cyber security then NNT SecureOps™ is the right way to go.

NNT provide a modular set of automated solutions to help you get compliant and stay compliant with Cyber Essentials:

vulnerability tracker logo
Just set it up and let it tell you when software needs patching or if any other security vulnerability requires attention. Fully automated, Vulnerability Tracker will run every 14 days and provide a simple report detailing where security weak spots exist within your IT Systems, and what you need to remediate them.

change tracker gen7r2 logo
Directly addresses the requirements for getting your IT systems into an initial securely configured state, thereafter tracking changes to

- Firewall configuration changes
- All secure configuration settings
- User Accounts
- Admin Accounts
- Software Installations
- Malware defences

log tracker logo
Records full audit trails of all user activity then correlates events to provide early-warning of hacker behaviour. Ideal for managing the User/Admin Account requirements of Cyber Essentials, providing audit trails of all active accounts, user history, and alerts on key events such as new account creation, admin privilege elevation and firewall admin access.

Why you need UK Cyber Essentials certification

 

UK Government Suppliers - Cyber Essentials is now a feature of many government tenders making it a mandatory requirement for suppliers bidding for contracts.

Ministry of Defence - From April 2016 all companies bidding for new contracts with the MoD and suppliers within the MoD supply chain will also need to demonstrate compliance with the MoD Cyber Security Model (CSM).

The CSM leverages Cyber Essentials as a minimum although most will expect Cyber Essentials Plus compliance. The MoD augment Cyber Essentials requirements with further requirements for security procedures and process to be proven.

The NHS and Health Sector – Post-WannaCry in 2017, and with the increasing use of Electronic Health Records, cyber security for the health sector has never been more important. Cyber Essentials Plus is the natural choice and was recommended by the public enquiry into WannaCry, however, NHS Digital have declined to mandate the standard. The global ransomware outbreak crippled the NHS for days and showed there had been a serious lack of investment in IT (for instance, widespread usage of Windows XP was a common factor in many NHS hospitals).

 

Additional Resources
The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.