Cyber Essentials Certification Checklist

Get ready for your Cyber Essentials self-assessment

The Cyber Essentials Scheme: How can Cyber Essentials benefit you?

The Cyber Essentials Scheme provides a step-by-step approach for small and medium-sized enterprises to develop a robust approach to their Cyber Security. Smaller companies can face a distinct set of security challenges and may have more limited resources to tackle them. 

How to achieve Cyber Essentials certification:

Organisations are required to complete a self-assessment questionnaire that verifies that five key technical controls are in place.

  • Firewalls 
  • Secure Settings
  • Access Control 
  • Malware 
  • Relevant Software Updates

Equilibrium Security are one of the few Government Cyber Essentials UK Certification bodies within the Midlands. We have been working alongside IASME conducting Cyber Essentials and Cyber Essentials Plus assessments since 2016.

Ensuring You Are Cyber Essentials Ready

To ensure you are ready for your Cyber Essentials assessment, it's important to complete a Cyber Security checklist. This should verify that all of the required technical controls and measures are in place prior to assessment. It also allows you to take remedial action should you find that your security measures are not currently meeting the required standard.

What should be included in a Cyber Essentials certification checklist or Cyber Essentials Plus checklist?

5 Essential Steps Required For Cyber Security Measures

1. Firewalls and routers

A firewall must be in place to protect your internet connected devices.

2. Secure Configuration

Prevent hackers gaining unauthorised access to your systems.

3. Access Control

Reduce the likelihood of unauthorised access by controlling who can access sensitive data.

4. Malware Protection

Protect your organisation from viruses and malware. Update your Cyber Essentials malware defences.

5. Security Update Management

Regularly update your applications & critical systems to identify & remediate vulnerabilities.

Let's Break Down The Five Essential Steps

There are a number of steps you can take to ensure that your organisation is prepared for Cyber Essentials certification assessment. These ensure that you're ready to complete the Cyber Essentials questionnaire or Cyber Essentials Plus audit.

1. Firewalls

Do you currently have a firewall presence?

Next up is configuration review:

It’s also important to confirm that only authorised traffic is permitted to reduce the risk of unauthorised access.

Lastly, patch management:

Failure to keep your firewalls updated can leave you vulnerable.

2. Secure Configuration

There are two main ways your organisation can become more secure:

Manage regular reviews:

This ensures that your system configurations are secure and equipped to cope with any emerging threats.

Utilise multi-factor authentication (MFA):

3. Access Control

Are you doing everything to control your access?

4. Malware Protection

Add antivirus and anti-malware:

Conduct regular scanning:

Create an incident response plan:

Your team should understand their individual roles within the incident response plan.

5. Security Update Management

Make sure you conduct regular updates 

Do you have a testing process?

Create a vulnerability Remediation

The measures taken to remediate security vulnerabilities should be documented and assessed to ensure they are working as intended.

The Cyber Essentials Scheme Process

Step 1
Define the Cyber Essentials scope

Before we can provide a quote or proceed with the assessment, we need to understand your environment so that we can fully define the technical scope of what the test will cover.

Step 2
Complete the Cyber Essentials Questionnaire

You can then move on to populating the online Cyber Essentials questionnaire. This is when you need to meet the Cyber Essentials requirements. We will provide Cyber Essentials guidance throughout. However, before this is submitted, our dedicated consultants will review your Cyber Essentials answers to check they meet the scheme's requirements. If changes are required, we provide detailed guidance on areas which need improvement. Once successful, you are deemed Cyber Essentials compliant and you will be issued with a Cyber Essentials certification for 12 months.

Step 3
Technical Cyber Essentials Plus audit

After completing the Cyber Essentials certification, we move on to the next stage. To pass Cyber Essentials Plus we need to run a series of security tests. This requires our experts to remotely conduct external and internal vulnerability scans. We will also conduct a series of other security checks to test the information obtained in your Cyber Essentials questionnaire. This then lets us know the areas of non-compliance you may need to remediate before passing.

Step 4

If vulnerabilities are discovered, or other areas of non-compliance, we will provide detailed remediation guidance which needs to be applied within 30 days of the Cyber Essentials Plus assessment.

Step 5
Cyber Essentials Plus certification

Once you have followed all remediation steps, we will conduct a retest to check you comply with the CE+ criteria. You will then be awarded your CE+ certificate for 12 months.

Achieve Cyber Essentials certification with Equilibrium Security

As an IASME assessor, Equilibrium Security can help you meet the requirements for IASME Cyber Essentials certification. With our step-by-step approach, we take time to get to know your unique challenges and deliver personalised Cyber Security services to keep your brand safe.

As your partners in Cyber Security, we can ensure you always stay ahead of any developing threats, whatever the size of your business and available resources. By gaining Cyber Essentials certification with Equilibrium Security, you can ensure your security is as robust as possible while giving confidence to customers, partners and suppliers.

To find out more about IASME Cyber Essentials and our comprehensive range of services, contact us today.