Cyber Essentials and Cyber Essentials Plus
The UK Cyber Essentials scheme validates that a minimum level of security controls is being operated by an organisation. The scheme is run primarily on a questionnaire basis, and certification is provided by IASME. The five basic controls within Cyber Essentials are closely aligned to the Basic CIS Controls and PCI DSS requirements.
and the outline scope of the requirements:
Cyber Essentials certification also requires a 3rd Party External Pen test to be conducted, while Cyber Essentials Plus goes one step further, with a requirement for an internal vulnerability scan to be run.
Cyber Essentials originated as a starting point for cyber security controls. It’s a minimum level of security best practice that every organisation should be aligned to.
As with all compliance mandates, the focus should not be on the annual audit, but on embedding these best practices within the daily management and provision of IT services within a business. If you are serious about maintaining provable and effective cyber security then NNT SecureOps™ is the right way to go.
NNT provide a modular set of automated solutions to help you get compliant and stay compliant with Cyber Essentials:
NNT Vulnerability Tracker: Just set it up and let it tell you when software needs patching or if any other security vulnerability requires attention. Fully automated, Vulnerability Tracker will run every 14 days and provide a simple report detailing where security weak spots exist within your IT systems, and what you need to do to remediate them.
NNT Change Tracker: Directly addresses the requirements for getting your IT systems into an initial securely configured state, thereafter tracking changes to:
- Firewall configuration changes
- All secure configuration settings
- User Accounts
- Admin Accounts
- Software Installations
- Malware defences
NNT Log Tracker: Records full audit trails of all user activity then correlates events to provide early-warning of hacker behaviour. Ideal for managing the User/Admin Account requirements of Cyber Essentials, providing audit trails of all active accounts, user history, and alerts on key events such as new account creation, admin privilege elevation and firewall admin access.
UK Government Suppliers - Cyber Essentials is now a feature of many government tenders making it a mandatory requirement for suppliers bidding for contracts.
Ministry of Defence - From April 2016 all companies bidding for new contracts with the MoD and suppliers within the MoD supply chain will also need to demonstrate compliance with the MoD Cyber Security Model (CSM).
The CSM leverages Cyber Essentials as a minimum although most will expect Cyber Essentials Plus compliance. The MoD augment Cyber Essentials requirements with further requirements for security procedures and process to be proven.
The NHS and Health Sector – Post-WannaCry in 2017, and with the increasing use of Electronic Health Records, cyber security for the health sector has never been more important. Cyber Essentials Plus is the natural choice and was recommended by the public enquiry into WannaCry, however, NHS Digital have declined to mandate the standard. The global ransomware outbreak crippled the NHS for days and showed there had been a serious lack of investment in IT (for instance, widespread usage of Windows XP was a common factor in many NHS hospitals).
Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.
Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.