Cyber Essentials Accreditation – April 2023 Update

The Cyber Essentials Accreditation was created to provide a way for UK businesses to implement more effective cybersecurity protection. Given the speed at which threats to security evolve, it’s essential that the scheme continues to be updated to reflect this. In April 2023, the delivery partner for Cyber Essentials Accreditation (IASME) is updating the technical requirements for Cyber Essentials Accreditation so that it continues to be effective and relevant.

How is the update being managed?

Cyber Essentials Accreditation is being updated on 24th April 2023 so any applications not started before that date will now use the new questions and requirements that have been set. Cyber Essentials Accreditation remains a key benchmark when it comes to security for UK businesses. It has two levels: Cyber Essentials and Cyber Essentials PLUS and established 5 key technical controls that will protect any organisation against the most common cyber security threats. It’s well worth having Cyber Essentials Accreditation, no matter what your industry.

What does the update look like?

Although the update is not as in-depth and complex as last year’s there is still plenty to consider. These are some of the key elements to note.

• Changes to user devices declared: Other than network devices like firewalls and routers, all user devices that are declared within the scope of the certification only need the make and operating system to be listed. The model of the device is no longer necessary.
• What firmware means: Previously, the firmware had come under the definition of ‘software,’ which meant that requirements for keeping it up to date and supported were attached. As a result of this update, the firmware has been changed to mean just the firewall and router.
• The update contains new guidance on zero trust architecture for achieving CE.
• Unlocking devices: The update makes some changes to deal with problems that were arising around default settings on devices being unconfigurable (e.g. how many times a login can be unsuccessful before a device locks itself). Where there are issues the update allows for default settings to be used.
• How to treat third-party devices: The update to the Cyber Essentials Accreditation now contains a table on how to treat third-party devices in an application.
• Requirements for malware protection: As a result of the new update, sandboxing has been removed as an option. It’s also now no longer a requirement for software to be signature-based – the mechanism suitable for different device types has also been clarified in the update.
• Accessibility and ease of use: There are a number of changes that have been made to ensure that the language and format is as easy to use as possible. Plus, structural changes have created some reordering so that technical controls align with the updated self-assessment questions.

Cyber Essentials Accreditation is vital for most businesses today and provides a clear way to ensure that you have protection in place against many of the most common threats. The 2023 update adds to that protection and makes the scheme even more effective.

Become Cyber Essentials Accredited

Our experienced team will support you through Cyber Essentials Accreditation from sign-up to completion. We’ll ensure a smooth process and minimal disruption throughout. If you need help achieving your accreditations, our experienced team will support you throughout, from sign-up to completion. We’ll ensure a smooth process and minimal disruption throughout.

Contact us today!