Cyber Essentials → ISO 27001 crosswalk

A control-by-control mapping between UK Cyber Essentials and ISO/IEC 27001:2022. 5 mappings.

Cyber Essentials	ISO 27001	Relationship	Notes
CE-1 Firewalls	A.8.9 Configuration management	PartialCurated	Secure configuration & hardening
CE-2 Secure configuration	A.8.9 Configuration management	EquivalentCurated	Secure configuration & hardening
CE-3 User access control	A.5.15 Access control	EquivalentCurated	Access control & identity
CE-3 User access control	A.5.16 Identity management	EquivalentCurated	Access control & identity
CE-5 Security update management	A.8.8 Management of technical vulnerabilities	EquivalentCurated	Vulnerability management

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.