Cyber Essentials Requirements
Understand the requirements to become Cyber Essentials accredited. Cyber Essentials is the basic-level accreditation from the NCSC for cyber security.
Receive a UK Government recognised security accreditation for your business
Be listed on a Government Directory of organisations awarded Cyber Essentials
Attract new business with the promise you have cyber security measures in place
Pentest People are a Cyber Essentials Certifying Body and can help you at all stages of your Cyber Essentials accreditation journey.
The initial level of Cyber Essentials certification has two specific requirements and both of these are performed remotely with no need for an onsite visit to your business premises.
The first requirement is the Self Assessment Questionnaire. This is a form-based questionnaire that is delivered through SecurePortal. The questionnaire covers the five technical controls of Cyber Essentials. The initial part of the questionnaire asks for organisation details, the technology in scope and details about the remote vulnerability scan for public-facing infrastructure. The next section consists of technical questions that cover the configuration of your corporate network.
The questionnaire is split into the following sections:
You are assessed against the answers to your questionnaire and each individual section requires a score of 70% in order to pass and be able to continue to the remote vulnerability scan.
The second requirement is the Remote Vulnerability Scan. Using the information provided in the self-assessment questionnaire, an infrastructure vulnerability scan is performed against the hosts as well as a web security scan against the web applications.
The results of these vulnerability scans are scored against an NCSC-provided flowchart, and any High-level vulnerabilities identified and classed as CVSS 7.0 or above would result in a fail.
As long as a passing result is obtained from both the self-assessment questionnaire and the remote vulnerability scan, the customer is awarded Stage 1 certification against the Cyber Essentials standard. The customer is provided with a certificate and associated use of the logo.
Pentest People are a Cyber Essentials Certifying Body and can perform and accredit you to both Stage 1 and Stage 2 of Cyber Essentials.
As well as the certification, Pentest People can also offer consultancy services including a GAP analysis against the 5 technical controls to ensure that you have adequate controls in place before you undertake a paid Stage 1 assessment.
Download the CREST Cyber Essentials Guide
More information about Cyber Essentials can be found on the NCSC Cyber Essentials Homepage.
Cyber Essentials is a scheme led by the UK Government to help organisations protect themselves against common cyber-security threats. There are two levels of certification that both demonstrate an ability to implement technical controls relating to information security.
Cyber Essentials is Stage 1 and consists of a Self Assessment Questionnaire and external vulnerability assessment of your Internet-facing infrastructure.
Cyber Essentials Plus is Stage 2 and extends Stage 1 by performing an onsite assessment of security controls, including an internal authenticated scan of your workstations and mobile devices.
When you have undertaken your assessment and met all of the requirements of Cyber Essentials or Cyber Essentials Plus, you will receive the following: