Cyber Essentials and Cyber Essentials Plus

The UK Cyber Essentials scheme validates that a minimum level of security controls are being operated by an organisation. The scheme is run primarily on a questionnaire basis and certification is provided by IASME. The five basic controls within Cyber Essentials are closely aligned to the Basic CIS Controls and PCI DSS requirements.

cyber essentials

See below for a summary of the Cyber Essentials questionnaire
and the outline scope of the requirements:

 

Source: IASME.co.uk

Cyber Essentials certification also requires a 3rd Party External Pen test to be conducted, while Cyber Essentials Plus goes one step further, with a requirement for an internal vulnerability scan to be run.

 

NNT SecureOps™ and UK Cyber Essentials

Cyber Essentials has been originated as a starting point for cyber security controls. It’s a minimum level of security best practices that every organisation should be aligned too.

As with all compliance mandates, the focus should not be on the annual audit, but on embedding these best practices within the daily management and provision of IT services within a business. If you are serious about maintaining provable and effective cyber security then NNT SecureOps™ is the right way to go.

NNT provide a modular set of automated solutions to help you get compliant and stay compliant with Cyber Essentials:

NNT Vulnerability Tracker: Just set it up and let it tell you when software needs patching or if any other security vulnerability requires attention. Fully automated, Vulnerability Tracker will run every 14 days and provide a simple report detailing where security weak spots exist within your IT Systems, and what you need to remediate them.

NNT Change Tracker: Directly addresses the requirements for getting your IT systems into an initial securely configured state, thereafter tracking changes to

- Firewall configuration changes
- All secure configuration settings
- User Accounts
- Admin Accounts
- Software Installations
- Malware defences

NNT Log Tracker: Records full audit trails of all user activity then correlates events to provide early-warning of hacker behaviour. Ideal for managing the User/Admin Account requirements of Cyber Essentials, providing audit trails of all active accounts, user history, and alerts on key events such as new account creation, admin privilege elevation and firewall admin access.

Why you need UK Cyber Essentials certification

 

UK Government Suppliers - Cyber Essentials is now a feature of many government tenders making it a mandatory requirement for suppliers bidding for contracts.

Ministry of Defence - From April 2016 all companies bidding for new contracts with the MoD and suppliers within the MoD supply chain will also need to demonstrate compliance with the MoD Cyber Security Model (CSM).

The CSM leverages Cyber Essentials as a minimum although most will expect Cyber Essentials Plus compliance. The MoD augment Cyber Essentials requirements with further requirements for security procedures and process to be proven.

The NHS and Health Sector – Post-WannaCry in 2017, and with the increasing use of Electronic Health Records, cyber security for the health sector has never been more important. Cyber Essentials Plus is the natural choice and was recommended by the public enquiry into WannaCry, however, NHS Digital have declined to mandate the standard. The global ransomware outbreak crippled the NHS for days and showed there had been a serious lack of investment in IT (for instance, widespread usage of Windows XP was a common factor in many NHS hospitals).

 

Additional Resources
Contact Us

USA Offices

New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]

 

UK Office

New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
 [email protected]

SC Magazine Cybersecurity 500 Infosec Security Winners 2018 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.