Cyber Essentials
UK Cyber Essentials
A UK government-backed scheme covering five technical control areas that block the most common, untargeted attacks. Cyber Essentials Plus adds a hands-on technical audit.
Who it applies to
Any UK organization wanting a certified baseline against common internet threats. Required to bid for certain UK government contracts, especially those handling personal or sensitive information.
Technical controls
- CE-1 Firewalls10 mapped
Use firewalls to secure internet connections and protect devices, including changing default admin passwords.
- CE-2 Secure configuration10 mapped
Configure devices and software securely, removing default accounts and unnecessary functionality.
- CE-3 User access control16 mapped
Control access to data and services with least privilege and properly managed user accounts.
- CE-4 Malware protection
Protect against malware using anti-malware, application allow-listing or sandboxing.
- CE-5 Security update management10 mapped
Keep devices and software up to date and remove unsupported products.