Cyber Essentials Certification  Cyber Essentials PlusCyber Essentials

What is Cyber Essentials

Launched in 2014 in the United Kingdom, Cyber Essentials is a government-backed standard that identifies the basic security controls an organization should have in place in order to have confidence that they are addressing and mitigating risk from internet-based threats. Implementing controls for these strategies provides a basic, but essential, level of protection. The scheme focuses on five essential strategies:

  • Boundary firewalls and internet gateways
  • Secure configuration
  • Access control
  • Malware protection
  • Patch management

Cyber Essentials is required for any private-sector business looking to bid on U.K. government contracts or renew existing contracts and can be a benefit when pursuing opportunities in the MOD, education and healthcare sectors. Many large organizations recommend or require Cyber Essentials certification for their supply chain to reduce the systemic risk in dealing with multiple organizations. For other organizations and businesses, certification demonstrates that they take the data of their clients seriously, providing an opportunity to differentiate themselves from their competition.

Certification is available for Cyber Essentials as well as Cyber Essentials Plus. Both require the completion of a questionnaire that relates to the security controls and secure configuration of the five essential strategies listed above. InteliSecure has created a portal that will allow you to begin the completion of the Security Controls Questionnaire prior to an assessment.

Certification Services

As a CREST-certified organization, InteliSecure offers the following services for organizations operating in the United Kingdom that are looking to become Cyber Essentials certified.

Cyber Essentials Certification

Basic Cyber Essentials Certification requires that an organization complete a self-assessment questionnaire that is reviewed by an external, certifying body. InteliSecure security experts will assist organizations in completing their Security Controls Questionnaire followed by an external vulnerability assessment that covers:

  • TCP port scan for all IP addresses within specified ranges
  • Scan for known, common UDP services for all IP addresses within specified ranges
  • Basic web application scanning for common vulnerabilities from an unauthenticated user perspective

Cyber Essentials Plus Certification

InteliSecure’s Cyber Essentials Plus certification service provides everything listed in the Cyber Essentials certification as well as the following additional assessments:

  • Inbound email binaries and payloads
  • Website page with URLs linking to binaries
  • Authenticated vulnerability scan of host(s)

Please contact us to learn more about Cyber Essentials certification services.