Cyber Essentials and Cyber Essentials Plus
The UK Cyber Essentials scheme validates that a minimum level of security controls are being operated by an organisation. The scheme is run primarily on a questionnaire basis and certification is provided by IASME. The five basic controls within Cyber Essentials are closely aligned to the Basic CIS Controls and PCI DSS requirements.
and the outline scope of the requirements:
Source: IASME.co.uk
Cyber Essentials certification also requires a 3rd Party External Pen test to be conducted, while Cyber Essentials Plus goes one step further, with a requirement for an internal vulnerability scan to be run.
Cyber Essentials has been originated as a starting point for cyber security controls. It’s a minimum level of security best practices that every organisation should be aligned too.
As with all compliance mandates, the focus should not be on the annual audit, but on embedding these best practices within the daily management and provision of IT services within a business. If you are serious about maintaining provable and effective cyber security then NNT SecureOps™ is the right way to go.
NNT provide a modular set of automated solutions to help you get compliant and stay compliant with Cyber Essentials:
Just set it up and let it tell you when software needs patching or if any other security vulnerability requires attention. Fully automated, Vulnerability Tracker will run every 14 days and provide a simple report detailing where security weak spots exist within your IT Systems, and what you need to remediate them.
Directly addresses the requirements for getting your IT systems into an initial securely configured state, thereafter tracking changes to
- Firewall configuration changes
- All secure configuration settings
- User Accounts
- Admin Accounts
- Software Installations
- Malware defences
Records full audit trails of all user activity then correlates events to provide early-warning of hacker behaviour. Ideal for managing the User/Admin Account requirements of Cyber Essentials, providing audit trails of all active accounts, user history, and alerts on key events such as new account creation, admin privilege elevation and firewall admin access.
UK Government Suppliers - Cyber Essentials is now a feature of many government tenders making it a mandatory requirement for suppliers bidding for contracts.
Ministry of Defence - From April 2016 all companies bidding for new contracts with the MoD and suppliers within the MoD supply chain will also need to demonstrate compliance with the MoD Cyber Security Model (CSM).
The CSM leverages Cyber Essentials as a minimum although most will expect Cyber Essentials Plus compliance. The MoD augment Cyber Essentials requirements with further requirements for security procedures and process to be proven.
The NHS and Health Sector – Post-WannaCry in 2017, and with the increasing use of Electronic Health Records, cyber security for the health sector has never been more important. Cyber Essentials Plus is the natural choice and was recommended by the public enquiry into WannaCry, however, NHS Digital have declined to mandate the standard. The global ransomware outbreak crippled the NHS for days and showed there had been a serious lack of investment in IT (for instance, widespread usage of Windows XP was a common factor in many NHS hospitals).
Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.
Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)
Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.
Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds