Cyber Essentials Certification Checklist
Get ready for your Cyber Essentials self-assessment
The Cyber Essentials Scheme: How can Cyber Essentials benefit you?
The Cyber Essentials Scheme provides a step-by-step approach for small and medium-sized enterprises to develop a robust approach to their Cyber Security. Smaller companies can face a distinct set of security challenges and may have more limited resources to tackle them.
How to achieve a Cyber Essential certification:
Organisations are required to complete a self-assessment questionnaire that verifies that five key technical controls are in place.
- Firewalls
- Secure Settings
- Access Control
- Malware
- Relevant Software Updates
- Not only do these need to be present, they also need to be updated and current.
Equilibrium Security are one of the few Government Cyber Essentials UK Certification bodies within the Midlands. We have been working alongside IASME conducting Cyber Essentials and Cyber Essentials Plus assessments since 2016.
Ensuring You Are Cyber Essentials Ready
To ensure you are ready for Cyber Essential assessment, it’s important to complete a Cyber Security checklist. This should verify that all of the required technical controls and measures are in place prior to assessment. It can also allow you to take remedial action should you find that your security measures are not currently meeting the required standard.
What should be included in a Cyber Essentials certification checklist or Cyber Essential Plus checklist?
5 Essential Steps Required For Cyber Security Measures
1. Firewalls and routers
A firewall must be in place to protect your internet connected devices.
2. Secure Configuration
Prevent hackers gaining unauthorised access to your systems.
3. Access Control
Reduce the likelihood of unauthorised access, by controlling who can access sensitive data.
4. Malware Protection
Protect your organisation from virus’s, malware. Update your Cyber Essentials malware defences.
5. Security Update Management
Regularly update your applications & critical systems to identify & remediate vulnerabilities.
- Here are 5 essential steps to follow to ensure that the required Cyber Security measures are not only in place, but robust enough to handle potential threats.
Let's Break Down The Five Essential Steps
There are a number of steps you can take to ensure that your organisation is prepared for Cyber Essentials certification assessment. These ensure that you’re ready to complete the Cyber Essentials questionnaire or Cyber Essential Plus audit.
1. Firewalls
Do you currently have a firewall presence?:
- Verify that a robust firewall is in place to act as a barrier between your internal network and external threats. This should be a key priority for your organisation and will provide the first line of defence against any potential threats.
Next up is configuration review:
- To be confident that your firewalls are not only in place but can be relied upon to work as required, your firewall configurations should be reviewed and updated where necessary. This should ensure they fully align with your security requirements.
It’s also important to confirm that only authorised traffic is permitted to reduce the risk of unauthorised access.
Lastly, patch management:
- Your firewall should be regularly updated with the latest security patches to address any potential vulnerabilities and emerging threats.
Failure to keep your firewalls updated can leave you vulnerable.
2. Secure Configuration
There are two main ways your organisation can become more secure:
Manage regular reviews:
- A regular process for reviewing and updating the security configurations on devices and software should be established.
This ensures that your system configurations are secure and equipped to cope with any emerging threats.
Utilise multi-factor authentication (MFA):
- MFA provides robust protection against external threats and should be implemented wherever feasible to add an extra layer of protection against unauthorised access.
3. Access Control
Are you doing everything to control your access?
-
What is your access management process?
A process for granting and revoking access to systems and data should be developed and documented. This should include defining user roles and permissions based on job responsibilities. This should be reviewed regularly to ensure that outdated permissions are removed.
-
Produce a need-to-know principle:
Access should be granted on a need-to-know basis ensuring that it is only given to individuals within the organisation who require it for their particular job functions. Details of this access should be recorded and available for reference should a security breach occur.
-
Have you thought about user activity monitoring?:
Monitoring tools to detect and promptly respond to any suspicious user activity should be deployed. This might include unusual login patterns or access attempts. This can provide early warning of attempted Cyber Security breaches.
4. Malware Protection
Add antivirus and anti-malware:
Conduct regular scanning:
- Regular scans of devices should be scheduled. These can identify and remove any malware that might have evaded initial detection.
Create an incident response plan:
- A clear incident response plan for addressing potential malware incidents should be developed. This should aim to minimise the potential damage while preventing further spread.
Your team should understand their individual roles within the incident response plan.
5. Security Update Management
Make sure you conduct regular updates
- A routine for installing security updates should be established. This is essential to ensure that any vulnerabilities in operating systems and software are quickly addressed before they have a chance to become a problem.
Do you have a testing process?
- Security updates should be tested in a controlled environment before they are deployed across the entire network. This identifies any potential deployment issues that might create disruptions and ensure the process is trouble free.
Create a vulnerability Remediation
- A process should be established for tracking and remediating any security vulnerabilities that have been identified.
The measures taken to remediate security vulnerabilities should be documented and assessed to ensure they are working as intended.
The Cyber Essentials Scheme Process
Before we can provide a quote or proceed with the assessment we need to understand your environment so that we can fully define the technical scope of what the test will cover.
You can then move onto populating the online Cyber Essentials questionnaire. This is when you need to meet the Cyber Essentials requirements. We will provide Cyber Essentials guidance throughout. However before this is submitted, our dedicated consultants will review your Cyber Essentials answers to check they meet the scheme’s requirements. If changes are required, we provide detailed guidance on areas which need improvement. Once successful, you are deemed as being Cyber Essentials compliant and you will be issued with a Cyber Essentials certification for 12 months.
After completing the Cyber Essentials certification we move onto the next stage. To pass Cyber Essentials Plus we need to run a series of security tests. This requires our experts to remotely conduct external and internal vulnerability scans. We will also conduct a series of other security checks to test the information obtained in your Cyber Essentials questionnaire. This then lets us know the areas of non compliance you may need to remediate before passing.
If vulnerabilities are discovered, or other areas of non-compliance, we will provide detailed remediation guidance which needs to be applied within 30 days of the Cyber Essentials Plus assessment.
Once you have followed all remediation steps, we will conduct a retest to check you comply with the CE+ criteria, you will then be awarded your CE+ certificate for 12 months.
Achieve Cyber Essentials certification with
Equilibrium Security
As an IASME assessor, Equilibrium Security can help you meet the requirements for IASME Cyber Essentials certification. With our step-by-step approach, we take time to get to know your unique challenges and deliver personalised Cyber Security services to keep your brand safe.
As your partners in Cyber Security, we can ensure you always stay ahead of any developing threats, whatever the size of your business and available resources. By gaining Cyber Essentials certification with Equilibrium Security, you can ensure your security is as robust as possible while giving confidence to customers, partners and suppliers.
To find out more about IASME Cyber Essentials and our comprehensive range of services contact us today.
- Get your Cyber Essentials Scheme basic certificate with expert guidance along the way.
- IASME Cyber Assurance (excellent alternative to ISO 27001)
- GDPR Readiness Assessments