What are the Cyber Essential Requirements?

The Cyber Essentials Certification consists of two main tests.

Self Assessment - Cyber Essentials

The initial Cyber Essentials self assessment test is made up of approximately 60 questions which centre around your environment, procedures and security posture.

The questions will gather information about your company, the scope of the assessment, the devices within your organisation and security configuration.

Particular attention will be focused on the following:

• Usernames and password management
• End of Life Software Management
• Security patching and updates
• Firewall management, particularly around services being exposed to the internet

Once the questions are completed an assessor will review your answers and provide feedback. If you pass this stage, you will be issued with a Cyber Essentials certificate.

On-site Test - Cyber Essentials Plus

Once you have passed the self assessment, the next stage to achieve Cyber Essentials Plus is to organise an on-site test. The on-site test will look to evidence the answers you gave in your self assessment.

The Cyber Essentials on-site test will require access to your network and devices and the assessor will run various technical tests. A vulnerability scan will be run and the results will inform the assessor if there are any vulnerabilities, such as out of date patches. Your malware protection will also be tested and assessed.

If you pass the onsite technical test, you will be awarded with a Cyber Essentials Plus Certificate.