Cyber Essentials Plus Certification – Our Latest Accreditation

Cyber Essentials Plus Certification – Our Latest Accreditation

“In achieving Cyber Essentials+ Certification, Value Match is continuing to demonstrate our commitment to professionalism and industry best practice.” David Shields, Value Match Director

Cyber Essentials is an information assurance scheme operated by the National Cyber Security Centre (NCSC).  It was launched in June 2014 by the Department for Business, Innovation and Skills and is endorsed by the UK Government.  Cyber Essentials certification has been required for suppliers to central UK government who handle sensitive and personal information since October 2014 (https://www.gov.uk/government/publications/procurement-policy-note-0914-cyber-essentials-scheme-certification).

It includes an assurance framework and straightforward security controls to protect information from threats coming from the internet.  It aims to assist organisations to adopt good practice around information security, preventing unauthorised access to the vast amounts of personal information we store online.

Certification involves conducting an independently verified self-assessment.  Organisations assess themselves against five basic security controls and a qualified assessor verifies the information provided.

The five main technical controls are:

1. Boundary firewalls and internet gateways: network security systems that monitor and control incoming and outgoing network traffic based on predetermined security rules.
2. Secure configuration: provides visibility and control of its performance, functional, and physical attributes.
3. Access control: the selective restriction of access to a place or other resource.
4. Malware protection: protection from any software intentionally designed to cause damage to a computer, server, client, or computer network.
5. Patch management: A patch is a set of changes to a computer program or its supporting data designed to update, fix, or improve it, including fixing security vulnerabilities.

The five basic controls within Cyber Essentials were chosen because, when properly implemented, they will help to protect against unskilled internet-based attackers using commodity capabilities – which are freely available on the internet.

Cyber Essentials Plus continues the Cyber Essentials trademark simplicity of approach, the protections and requirements, but Cyber Essentials Plus is a hands-on technical verification and audit, which when passed demonstrates an organisations compliance to the standard.

Organisations that undertake Cyber Essentials are encouraged to recertify at least once a year and, where appropriate, progress their security.

For further information please see www.cyberstreetwise.com/cyberessentials