Government changes to Cyber Essentials – April 2023.

In April 2023, the NCSC, and its partner IASME will be making changes to the technical requirements for Cyber Essentials.

The update is part of a regular review to ensure that it continues to help UK businesses facing cyber threats every day protect themselves.

After 2022 being the biggest update since its inception in 2014, this year’s changes will be much lighter, making only minor, but welcome tweaks.

The update will include.

User Devices : With the exception of network devices, user devices in the scope of Cyber Essentials certification only need to list the make and operating system, without the requirement to list the model in the self-assessment question set.

Clarification of Firmware : Firmware definition has been changed to only include router and firewall firmware and must be kept up-to-date and supported, based on feedback that information is difficult to find.

Third Party Devices : A new table clarifies the treatment of third-party devices in the certification application process.

Device Unlocking : Changes to device unlocking allow for use of default settings if they are unconfigurable.

Malware Protection : The requirement for anti-malware software to be signature-based has been removed, and guidance for the appropriate mechanism for different devices has been provided.

New guidance on zero trust architecture for achieving CE and a note on the importance of asset management.

Style and language : Several language and format changes have been made to make the document easier to read.

Structure updated : The technical controls have been reordered to align with the updated self-assessment question set.

CE+ Testing : The CE+ Illustrative Test Specification document has been updated with changes to the requirements, including a simplified set of tests for malware protection for easier use by applicants and assessors.

Read in more detail here – https://www.ncsc.gov.uk/information/cyber-essentials-technical-requirements-updated-for-april-2023

Why is It important to be Cyber Essentials Certified

Cyber Essentials is a great first step in hardening your IT Security. This government-backed cyber security certificate scheme sets out a baseline of cyber security suitable for all sizes of organisations.

Most orginisations do not have cyber security certifications.

81% of businesses are not certified under the cyber essentials standard.

Some of the benefits of cyber essentials include.

• Shows commitment to cybersecurity.
• Protects against common online threats.
• Boosts customer/partner confidence in brand/services.
• Helps comply with regulations/standards.
• Strengthens cybersecurity posture.
• Protects sensitive data/systems.
• Reduces legal/financial consequences.
• Cost-effective, necessary step for businesses.

Make it Easier with Genmar

We have already achieved our Cyber Essentials certificate and have helped many other businesses do the same.

We can guide you through the process from start to finish, reviewing your current IT security environment, recommending any changes, assisting with completion of Cyber Essential documentation and implement any changes required.

Find out more – https://genmar.co.uk/cyber-essentials/