Posted: 30th January 2023
With the fast-paced world of cyber crime, Cyber Essentials updates are necessary to ensure UK businesses remain guarded against the most common cyber threats.
5 reasons why Cyber Essentials is a great asset for your business.
April 2023 will see the NCSC updating the technical requirements for the Cyber Essentials accreditation. Although not as big as the 2022 update, we want to keep you abreast of the changes.
The updates for Cyber Essentials in 2023
The aim of the Cyber Essentials updates is not to change the 5 key controls that have been so successful over the years but to bring clarification and new guidance. Here is what the updates look like:
User devices
Previously requiring the model of all user devices, from April, the self-assessment questionnaire will only require the make and operating system. This will apply to all user devices within the scope of the certification.
Firmware
Under the directive of maintaining and supporting software, all firmware is currently also included. The latest Cyber Essentials updates will change this to apply to router and firewall firmware only.
Third-party devices
Deeper clarification on how third-party devices should be managed will now be included in the Cyber Essentials application pack.
Device unlocking
Previously denying the use of default settings, the NCSC has made some changes in recognition of some unconfigurable settings such as the restriction on failed log-in attempts. In instances such as this, default settings will now be accepted in the application process.
Malware protection
Signature-based malware protection will not be a requirement from April and sandboxing software will no longer be an option. But don’t worry, the NCSC will support businesses with clarification on which mechanism is recommended for varying device types.
Zero trust architecture
The NCSC will submit new guidance on zero trust strategies and asset management.
Clearer understanding
The NCSC has acknowledged several style and language changes to the application documents for easier understanding. This includes a re-order of the 5 key controls to align with the question set.
CE+ testing
Mirroring changes to the requirements, the CE+ Test Specification document has been updated including simplified malware protection testing.
What do the Cyber Essentials updates mean?
These changes have all been established based on feedback from applicants and assessors. They’re designed to bring clarity and further support to businesses looking to make the best of their cyber security.
It’s great that the NCSC has been responsive, and these Cyber Essentials updates can only result in more businesses becoming accredited – improving their security and their reputation.
Jupiter IT Can Help
We’re committed to helping businesses tighten their cyber security to the point of perfection. We are proud to hold the Cyber Essential Plus Certification and as experts in this standard, can help you through the application process to achieve the Cyber Essential Accreditation too.
To find out more, get in touch – we’re here to share our expertise with you.