The UK Government published revised Cyber Essentials requirements on 6th February. They have made the information easier to use, understand and reduce the potential for applicants to misinterpret requirements. Here is a summary of the main changes:
- Added requirement for authentication in services that allow Internet-based users to access data which must be protected.
- Removed requirement for regular password changes in Internet-facing services. Replaced with a choice of responses to deal with repeated failed authentication attempts.
- Added content to cover the use of certificate-based application whitelisting or sandboxing to defeat malware.
- Refined requirements for patching, to be more flexible about devices in scope yet also more specific.
More information on the changes can be found here.
The Cyber Essential scheme was developed for businesses to take that ‘first step’ to cyber security. As the scheme develops it’s refined to make the process more streamline for applicants.
If you have any questions about the Cyber Essentials Scheme or how the changes may affect you, please email firstname.lastname@example.org or call 0844 357 8900.