Summary

As part of a regular review of the Cyber Essentials scheme, The National Cyber Security Centre has announced it will be updating the Cyber Essentials certification technical requirements, necessary, to effectively pass assessments from April 2023.

The assessment will be improved to cover the technical controls, further ensuring that UK organisations are guarded against the most common cyber threats.

What is Cyber Essentials?

Cyber Essentials is a UK certification scheme for a business to show that they have a level of protection in cyber security. This is then maintained through annual assessments to keep your certification. 

The scheme is back by the UK Government and overseen by the Cyber Security Centre.

For more information on the scheme, visit our web page.

What does this mean for you?

The structure of the Assessment questionnaire has been improved, along with the style of the questions and the language used within the Cyber Essentials Assessment. 

The 2023 updates will deliver clarifications around the following areas: 

• User devices

• Clarification on firmware

• Third party devices

• Malware protection

• New guidance on zero trust architecture

• Style and language

These changes are based on feedback from assessors and applicants and have been made in consultation with technical experts from The National Cyber Security Centre.

The new assessment will take effect from the 24th April 2023. This means that all new applications started on, or after, this date, will use the new questions and requirements. 

Further Information

If you have any questions about this or need assistance, then please contact the GCC Group Support Team on 0345 260 1151 or servicedesk@gccgroup.co.uk