Whether you’re just beginning to explore Cyber Essentials or you’ve already secured your Cyber Essentials Basic accreditation, one thing’s clear—you want to get it right. We’re here to guide you through the process.
In our previous blog, we walked you through everything you need to know to prepare for the Cyber Essentials Basic assessment. Now, in this second instalment, we’ll take you through the next step: passing the Cyber Essentials Plus requirements with flying colours.
Whether your goal is to strengthen customer trust, unlock government contracts, or simply reinforce your Cyber Security defences, achieving this certification is a game-changer. We know the more hands-on, technical audit of Cyber Essentials Plus can seem a bit daunting, but don’t worry—we’ve got you covered.
By reading both parts of the guide, you’ll have the tools, tips, and insights to ensure your journey to Cyber Essentials Plus is as smooth as possible.
Before you get stuck in to achieving your Cyber Essentials Plus accreditation, let’s look at some key factors you should prepare for.
- Cloud Services & MFA: On the day of your assessment, all your cloud services will be tested for Multi-Factor Authentication (MFA). Make sure you have an admin user ready for each cloud service to show that MFA is set up and working. Trust us, this is something you don’t want to miss — MFA is a must.
- Don’t Let Time Run Out: You’ve got a 3-month window after achieving Cyber Essentials Basic to complete and pass your Cyber Essentials Plus assessment. If you miss that deadline, you’ll have to start from scratch and re-purchase both certifications. No one wants that kind of extra work, so keep an eye on the clock.
- Finish in 30 Days: After the initial assessment, you’ll have 30 days to get everything done, including any fixes you need to make. If you go over that time limit, you’ll have to schedule a whole new set of tests—which means more delays and headaches. Best to stay on top of things and get it all wrapped up within that month.
Ensure You Triumph in Cyber Essentials Plus: The Cyber Essentials Plus Top Tips
There are specific requirements you’ll need to meet during your Cyber Essentials Plus assessment, and we know that some organisations might not be fully aware of them or may find them a bit unclear. To make things easier, we’ve broken down the key sections, so you’ll have a clear understanding of what’s needed and how to prepare for each part of the process.
Here’s what you need to know for your Cyber Essentials Plus checklist, so you can avoid any surprises and keep everything running smoothly:
- 1. Device Preparation Is Key
When the Cyber Essentials Plus (CE+) certification begins, a sample of your organisation’s devices will be selected for testing. This sample is based on the information you provided during your Cyber Essentials Basic assessment, and the devices will be checked to ensure they still meet the necessary security controls.
To avoid any last-minute scrambles, it’s a good idea to double-check that these selected devices are ready and available for testing well in advance of the assessment day. Make sure everyone involved knows what’s coming, so no one is caught off guard. It’s also worth reviewing the basics—make sure all devices are compliant with the requirements you originally outlined in your Cyber Essentials Basic submission.
- Pro Tip: Run your own internal checks beforehand to confirm that all software is up-to-date. Outdated applications can cause headaches during the vulnerability scan (we’ll get to that later), and being proactive now can save you from unnecessary delays.
- 2. Multi-Factor Authentication (MFA) – Double-Check It’s Ready
One key part of your Cyber Essentials Plus (CE+) assessment will be verifying that Multi-Factor Authentication (MFA) is in place for all the cloud services you listed during your Cyber Essentials Basic assessment. This is absolutely essential, so if you’re unsure whether MFA is active across all accounts, now’s the time to make sure everything’s set up properly.
For each cloud service, you’ll need to have both an admin user and a standard user ready to demonstrate that MFA is working. If your cloud services share a Single Sign-On (SSO), you’re in luck—the assessor will only need to check the SSO once across all linked services, saving you some time.
- Pro Tip: Refer back to your Basic assessment (especially question A2.9) to guide you in ensuring every cloud service has MFA enabled and ready to be tested. It’s always better to catch any gaps now rather than during the assessment!
- 3. Stay On Top Of Vulnerability Scanning For Cyber Essentials Plus
The Cyber Essentials Plus criteria include a vulnerability scan, which checks for any weaknesses in your software or systems. This scan is particularly thorough, so you’ll want to ensure that all applications across the devices being tested are fully up-to-date and secure.
A common oversight is leaving outdated or unused applications on devices.
For example, a staff member may have downloaded a rarely used app for a one-off client meeting months ago, and now it’s out of date.
Unfortunately, this will be flagged during the scan. To avoid this, carry out a sweep of all devices and ensure any unnecessary applications are either updated or uninstalled.
A credentialed patch audit requires the credentials of an account with admin-level permissions, allowing the scanner to gather the necessary information. If you’re hesitant to share existing credentials, you can create a temporary admin account for this purpose. This account can be deleted after the assessment to maintain security.
- Pro Tip: If you’re concerned that running a vulnerability scan could disrupt your critical services, speak with your assessor ahead of time. They can schedule scans to run outside of business hours to minimise any potential impact.
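As an added illustration (not code from the original post or from Equilibrium Security), here is a small Python sweep over a constructed software inventory that flags outdated applications for updating and long-unused ones for removal before the credentialed scan; the device names, app names, versions, dates and the 90-day idle threshold are all assumptions made up for the example.

```python
from datetime import date

# Constructed sample inventory: one row per (device, application). In practice this
# would be exported from your endpoint management or patching tool; every value
# below is made up for the example.
INVENTORY = [
    {"device": "LAPTOP-01", "app": "Office Suite", "version": "16.0.17328", "last_used": "2025-03-10"},
    {"device": "LAPTOP-01", "app": "Screen Share Client", "version": "5.12.0", "last_used": "2024-09-02"},
    {"device": "LAPTOP-02", "app": "PDF Reader", "version": "23.1.0", "last_used": "2025-03-11"},
    {"device": "LAPTOP-02", "app": "Office Suite", "version": "16.0.17425", "last_used": "2025-03-12"},
]

# Constructed "current supported version" reference, as published by your vendors or patch tool.
LATEST = {"Office Suite": "16.0.17425", "Screen Share Client": "6.0.1", "PDF Reader": "24.0.0"}

UNUSED_AFTER_DAYS = 90  # assumption: anything not opened in 90 days is a removal candidate


def version_key(v):
    """Compare dotted numeric versions as tuples of ints so 16.0.17328 < 16.0.17425."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def sweep(inventory, latest, today_iso, unused_after_days=UNUSED_AFTER_DAYS):
    """Return (device, app, action, reason) findings for the pre-assessment sweep."""
    today = date.fromisoformat(today_iso)
    findings = []
    for row in inventory:
        app, ver = row["app"], row["version"]
        idle_days = (today - date.fromisoformat(row["last_used"])).days
        outdated = app in latest and version_key(ver) < version_key(latest[app])
        if idle_days > unused_after_days:
            # The one-off-meeting app nobody opens any more: remove it rather than patch it,
            # so it cannot be flagged by the scan at all.
            findings.append((row["device"], app, "uninstall", f"unused for {idle_days} days"))
        elif outdated:
            findings.append((row["device"], app, "update", f"{ver} < {latest[app]}"))
    return findings


if __name__ == "__main__":
    for finding in sweep(INVENTORY, LATEST, "2025-03-14"):
        print(*finding, sep=" | ")
```

Anything in the "update" column goes to your patching tool and anything in "uninstall" is removed, then the same export is re-run until the list is empty.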
- 4. Be Ready For Malware Testing
As part of the Cyber Essentials Plus assessment, there will be an email malware test where the assessor sends a malware test file to your organisation. Your job is to show where these emails end up, so make sure you can access your quarantine folders or email logs on the day of the assessment.
If your email system automatically quarantines these test files, no worries—you’ll just need to show the assessor how your system catches and flags them. It’s a crucial step in passing the malware section of the assessment, so make sure you’ve got everything prepared ahead of time.
- Pro Tip: Get your IT team ready by ensuring they know where the quarantine logs are stored and can access them quickly. Having everything organised will save time and make this step a breeze.
- 5. Review Your Cyber Essentials Basic Answers
If it’s been a few months since you completed your Cyber Essentials Basic assessment, things may have shifted within your organisation in that time. Before you dive into the Cyber Essentials Plus assessment, take a moment to revisit your Basic answers. Have you added any new devices? Dropped any cloud services? Changed any internal processes?
If things have changed, it’s important to let your assessor know ahead of time. Being proactive here can save you from any unnecessary delays or complications during the Plus assessment. It’s a quick check, but it can make a big difference in keeping everything on track.
- Pro Tip: Keep a checklist of any changes in your IT setup since your Basic assessment—new devices, software, or processes. This will make it easy to flag updates to your assessor and help you stay organised for the Plus assessment.
Get Cyber Essentials Certified with Confidence
The path to certification doesn’t have to be complicated or stressful. At Equilibrium Security, we’re more than ready to help you cross the finish line. With our guidance, you can ensure that every detail is covered, and every requirement is met, without the usual headaches.
Ready to make Cyber Essentials certification a reality? Let’s work together. Call us at 0121 663 0055 or drop us an email at enquiries@equilibrium-security.co.uk. Together, we’ll ensure your organisation is secure, compliant, and ready for whatever comes next.