Version 3.1 of the Cyber Essentials Requirements has been released, so all Cyber Essentials certifications started on or after 24th April will be assessed using this version.
Image courtesy NCSC
As first previewed in January, this 2023 update
is a ‘lighter touch’ than the major update in 2022, however it features several clarifications and some important new guidance.
Further details on these changes can be found in the national Cyber Security Centre (NCSC) earlier news article
and in a blog post from its Cyber Essentials delivery partner, IASME
. A refreshed set of FAQs
is also available.
This update is part of a regular review of the scheme’s technical controls, ensuring that it continues to help UK organisations guard against the most common cyber threats. All changes are based on feedback from assessors and applicants and have been made in consultation with technical experts from the NCSC.
As well as the updated requirements and new question set, IASME are also providing more guidance documents to help applicants during the certification process. This includes articles to help applicants understand the questions, as well as access to a dedicated knowledge base. These resources will become available over the coming months.
To access advice, guidance and technical requirements, click